Upgrade lerna, et al to address security vulnerabilities, modernise build environment #2507

Merged
mfedderly merged 9 commits into Turfjs:master from smallsaucepan:upgrade-lerna-etc
Oct 6, 2023

@smallsaucepan
Member

Upgrading lerna and a couple of other build-related libraries. Addresses potential security vulnerabilities (from 3rd party libraries):

| severity | before | after |
|----------|--------|-------|
| low      | 1      | 1     |
| moderate | 15     | 2     |
| high     | 60     | 24    |
| critical | 8      | 0 🎉  |

Also modernises the build environment, for example meaning we can take advantage of lerna caching. Our configuration may need some tweaking, especially around publishing to npm, though this should be a good base to work from.

Please fill in this template.

  • Use a meaningful title for the pull request. Include the name of the package modified.
  • Have read How To Contribute.
  • Run npm test at the sub modules where changes have occurred.
  • Run npm run lint to ensure code style at the turf module level.

Submitting a new TurfJS Module.

n/a

…mmand no longer required. Seems to build and test ok. May need some tweaking. Will add build caching at a later date.
…ilities. Had to wrap body of script so as to be async, though otherwise unchanged.
…ng. Remove redundant packages setting from lerna.json (will default to packages setting in package.json instead). Have to add --npm-path to all npm-run-all calls so that lerna doesn't accidentally end up being used as the npm binary. mysticatea/npm-run-all#218 and lerna/lerna#1842 have more details.
: glob.sync(path.join(__dirname, "..", "packages", "turf-*", "package.json"));
(async () => {
// documentation v14 has moved to ESM so need to import as if async, and wrap
// in an IIFE as top level async not allowed.
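
Review bot: The comment above the (async () => { wrapper should name the mechanism rather than say "import as if async": documentation v14 is ESM, and this script still uses __dirname, so it is CommonJS and has to load the package through a dynamic import(), which returns a promise. Because the whole script body now runs inside that promise, make sure the closing of the IIFE (not visible in these lines) handles a rejection by logging it and exiting non-zero, for example with an explicit .catch, so a failed docs run cannot pass as a successful build regardless of the Node version's unhandled-rejection default.
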
Collaborator

Weird 🤷

@@ -0,0 +1,52 @@
{
Collaborator

I'll admit to not being fully up to speed on nx, but this looks sane to me.

@mfedderly mfedderly merged commit f6e64ff into Turfjs:master Oct 6, 2023