fix: Security vulnerabilities and peer dependency warnings #1005
Draft
BrocksiNet wants to merge 13 commits into main from fix/vulnerability-issues
- Bump @changesets/cli to version 2.29.8.
- Add dependency overrides for various packages in package.json and pnpm-lock.yaml.
- Update express to version 4.21.0 and vue-i18n to version 9.14.3 in several examples.
- Upgrade @playwright/test to version 1.55.1 and typescript-eslint packages in multiple packages.
- Refactor eslint configuration to use @vitest/eslint-plugin instead of eslint-plugin-vitest.
- Update various other dependencies to their latest versions for improved performance and compatibility.

…nt-library
- Added @types/semver dependency to admin-sdk package.json.
- Updated pnpm-lock.yaml to include @types/semver version 7.7.1.
- Refactored import statements in compare-version.ts for better clarity.
- Enhanced tsconfig.json files in admin-sdk and stylelint-plugin-meteor with additional types and configuration options.
- Improved comments in vitest.setup.ts for clarity.
- Fixed notification.mixin.ts to use a string for title instead of a translation function.

…endencies
- Introduced .eslintrc.cjs and jest.config.cjs for improved code quality and testing setup.
- Updated @types/jest to version 29.5.0 and other TypeScript-related dependencies to version 7.18.0.
- Enhanced tsconfig.json with isolatedModules option for better TypeScript handling.
- Refactored import statements in channel.ts and serializer/index.ts for clarity and organization.
- Adjusted totalCountMode logic in Criteria.ts for better validation.
- Updated repository.ts to streamline type imports and improve type safety.

- Added "types" option to tsconfig.json files in admin-sdk, icon-kit, and tokens to prevent auto-discovery of @types packages.
- Refactored import statements in icon-kit/src/figma/index.ts to remove unnecessary type imports and updated method return types for better clarity.

- Removed unnecessary whitespace in vercel.json.
- Adjusted event handling in mt-label.vue for better readability.
- Updated prop names in mt-priority-plus-navigation.vue to use kebab-case.
- Refactored event emission in mt-banner.spec.ts and mt-toast.vue for consistency.
- Enhanced mt-base-field.vue by restructuring data and setup methods.
- Added new props to mt-select-base.vue for improved functionality.
- Streamlined mt-select-result-list.vue by removing redundant prop definitions.
- Updated aria attributes in mt-select-result.vue for better accessibility.
- Refined event handling in mt-switch.vue and mt-text-editor components for clarity.
- Improved tooltip and modal components for better usability and consistency.

- Added "wait-on" dependency at version 8.0.0 to package.json.
- Updated "wait-on" version to 8.0.5 in pnpm-lock.yaml.
- Updated "joi" version to 18.0.2 in pnpm-lock.yaml.
- Refactored various dependencies for improved compatibility and performance.

…or better event propagation control

- Removed "glob" dependency version 11.1.0 and added version 10.5.0 and 7.2.3 for improved compatibility.
- Added "nyc" dependency at version 17.1.0 to package.json and updated its version in pnpm-lock.yaml.
- Refactored various dependencies for better performance and compatibility.

- Bumped Playwright version from 1.47.2 to 1.55.1 for improved features and compatibility.

…and pnpm-lock.yaml
- Added @swc/core at version 1.10.0 in package.json.
- Updated all instances of @swc/core to version 1.15.7 in pnpm-lock.yaml for improved compatibility and performance.

- Replaced Playwright installation steps with a single command to install browsers along with dependencies for improved efficiency.

What?
Fix security vulnerabilities and peer dependency warnings across the monorepo
Why?
https://github.com/shopware/shopware/actions/runs/20370831904/job/58536804822?pr=14076
How?
Security Updates
- storybook: ^8.6.12 → ^8.6.15
- nuxt: ^3.10.3 → ^3.16.1
- vue-i18n: ^9.9.1 → ^9.14.3
- express: ^4.18.2 → ^4.21.0
- @changesets/cli: ^2.27.1 → ^2.29.8
- @playwright/test: ^1.45.0 → ^1.55.1
- madge: ^5.0.1 → ^8.0.0
- vite: ^2.8.6 → ^5.4.0
- vite-plugin-dts: ^0.9.10 → ^4.5.0
- typescript: ^4.9.4 → ^5.7.0
- svgo-autocrop: 1.1.1 → 1.1.2

Peer Dependency Fixes
- @typescript-eslint/eslint-plugin: ^5.47.0 → ^8.36.0
- @typescript-eslint/parser: ^8.36.0 → ^8.50.0
- typescript-eslint: ^8.24.1 → ^8.35.0
- eslint-plugin-vitest: @vitest/eslint-plugin@^1.5.4
- @tiptap/extension-image: ^3.2.1 → ^2.22.3
- @types/node: ^20.11.28 → ^22.15.0
- @storybook/test-runner: ^0.22.0 → ^0.21.0

pnpm Overrides
Added overrides in root package.json to fix transitive dependency vulnerabilities:
- form-data
- node-fetch
- ws
- axios
- body-parser
- rollup
- semver
- cross-spawn
- linkifyjs
- tar-fs
- glob
- node-forge
- playwright

ESLint Config Updates
Updated import from eslint-plugin-vitest to @vitest/eslint-plugin in:
- packages/component-library/eslint.config.mjs
- packages/tokens/eslint.config.mjs

Testing?
- pnpm install completes successfully
- pnpm audit --audit-level=high shows 0 high/critical vulnerabilities

Screenshots (optional)
N/A

Anything Else?
- ts-jest in admin-sdk (requires Jest upgrade to fully resolve)
- svgo-autocrop bin warning is a known issue with that package, doesn't affect functionality
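
One way to turn the "Testing?" check above into a repeatable gate, as an added example that is not part of this pull request: it reads a `pnpm audit --json` report, keeps advisories at or above a severity threshold, and flags whether each affected module already has an entry in the root `pnpm.overrides`. The report shape (`advisories[id].module_name` and `.severity`), the function names, and all sample ids and version strings are assumptions constructed for illustration.

```javascript
// Added example, not code from the pull request.
// Assumption: `pnpm audit --json` prints an npm-style report where
// advisories[id] = { module_name, severity, ... }.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Override keys may carry a version selector: "ws@<1.2.3" targets "ws".
// Parent>child selectors ("a>b") are left as-is and will not match.
function overrideTarget(key) {
  const at = key.indexOf('@', 1); // index 0 may be the "@" of a scoped name
  return at === -1 ? key : key.slice(0, at);
}

function auditGate(report, rootPackageJson, minSeverity = 'high') {
  const overrides = (rootPackageJson.pnpm || {}).overrides || {};
  const overridden = new Set(Object.keys(overrides).map(overrideTarget));
  const blocking = Object.values(report.advisories || {})
    .filter((a) => SEVERITY_RANK[a.severity] >= SEVERITY_RANK[minSeverity])
    .map((a) => ({
      module: a.module_name,
      severity: a.severity,
      // true: an override exists, yet a vulnerable version is still resolved,
      // so the override's range needs to be revisited.
      hasOverride: overridden.has(a.module_name),
    }));
  return { pass: blocking.length === 0, blocking };
}

// Constructed sample data: package names come from the override list above,
// advisory ids and version strings are placeholders.
const samplePackageJson = {
  pnpm: {
    overrides: { 'ws@<0.0.0-example': '0.0.0-example', semver: '0.0.0-example' },
  },
};
const sampleReport = {
  advisories: {
    1001: { module_name: 'ws', severity: 'high' },
    1002: { module_name: 'semver', severity: 'moderate' },
    1003: { module_name: 'tar-fs', severity: 'critical' },
  },
};

console.log(JSON.stringify(auditGate(sampleReport, samplePackageJson), null, 2));
```

A blocking entry with `hasOverride: false` needs a new override or a direct upgrade; one with `hasOverride: true` means the existing override does not reach a patched release.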