Address dependabot alerts #130

Merged
merged 1 commit into from
Feb 21, 2024


@lindboe lindboe commented Feb 16, 2024

For posterity, these are the reasons each of these resolutions was
added. They should all work fine; semver is a little concerning because
deps are depending on two different major versions there, but we can
only have a single resolution, but according to the changelog the only
breaking change was dropping support for older versions of node.

  1. @babel/traverse: GHSA-67hx-6x53-jw92
    yarn why v1.22.19
    [1/4] 🤔  Why do we have the module "@babel/traverse"...?
    [2/4] 🚚  Initialising dependency graph...
    [3/4] 🔍  Finding dependency...
    [4/4] 🚡  Calculating file sizes...
    => Found "@babel/[email protected]"
    info Has been hoisted to "@babel/traverse"
    info Reasons this module exists
       - Hoisted from "@docusaurus#core#@babel#traverse"
       - Hoisted from "@docusaurus#core#@docusaurus#mdx-loader#@babel#traverse"
       - Hoisted from "@docusaurus#core#@babel#core#@babel#traverse"
       - Hoisted from "@docusaurus#core#@babel#core#@babel#helpers#@babel#traverse"
    => Found "@svgr/webpack#@babel/[email protected]"
    info Reasons this module exists
       - "@docusaurus#core#@svgr#webpack#@babel#preset-typescript#@babel#plugin-transform-typescript#@babel#helper-create-class-features-plugin#@babel#helper-replace-supers" depends on it
       - Hoisted from "@docusaurus#core#@svgr#webpack#@babel#preset-typescript#@babel#plugin-transform-typescript#@babel#helper-create-class-features-plugin#@babel#helper-replace-supers#@babel#traverse"
    
  2. follow-redirects: GHSA-jchw-25xp-jwwc
    yarn why v1.22.19
    [1/4] 🤔  Why do we have the module "follow-redirects"...?
    [2/4] 🚚  Initialising dependency graph...
    [3/4] 🔍  Finding dependency...
    [4/4] 🚡  Calculating file sizes...
    => Found "[email protected]"
    info Reasons this module exists
       - "@docusaurus#core#webpack-dev-server#http-proxy-middleware#http-proxy" depends on it
       - Hoisted from "@docusaurus#core#webpack-dev-server#http-proxy-middleware#http-proxy#follow-redirects"
    ✨  Done in 0.23s.
    
  3. semver: GHSA-c2qf-rxjj-qqgw
    yarn why v1.22.19
    [1/4] 🤔  Why do we have the module "semver"...?
    [2/4] 🚚  Initialising dependency graph...
    [3/4] 🔍  Finding dependency...
    [4/4] 🚡  Calculating file sizes...
    => Found "[email protected]"
    info Has been hoisted to "semver"
    info Reasons this module exists
       - Hoisted from "@babel#helper-create-class-features-plugin#semver"
       - Hoisted from "@babel#helper-create-regexp-features-plugin#semver"
       - Hoisted from "@docusaurus#core#@babel#core#semver"
       - Hoisted from "@docusaurus#core#@babel#plugin-transform-runtime#semver"
       - Hoisted from "@docusaurus#core#@babel#preset-env#semver"
       - Hoisted from "@docusaurus#core#@babel#core#@babel#helper-compilation-targets#semver"
       - Hoisted from "@docusaurus#core#@babel#plugin-transform-runtime#babel-plugin-polyfill-corejs2#semver"
    => Found "@docusaurus/core#[email protected]"
    info This module exists because "@docusaurus#core" depends on it.
    => Found "update-notifier#[email protected]"
    info This module exists because "@docusaurus#core#update-notifier" depends on it.
    => Found "css-loader#[email protected]"
    info This module exists because "@docusaurus#core#css-loader" depends on it.
    => Found "postcss-loader#[email protected]"
    info This module exists because "@docusaurus#core#postcss-loader" depends on it.
    => Found "fork-ts-checker-webpack-plugin#[email protected]"
    info This module exists because "@docusaurus#core#react-dev-utils#fork-ts-checker-webpack-plugin" depends on it.
    => Found "semver-diff#[email protected]"
    info This module exists because "@docusaurus#core#update-notifier#semver-diff" depends on it.
    => Found "package-json#[email protected]"
    info This module exists because "@docusaurus#core#update-notifier#latest-version#package-json" depends on it.
    ✨  Done in 0.24s.
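
The concern raised in the description above (a single resolution while dependents sit on different major versions) can be checked directly from `yarn why` output. This is an added example, not part of this pull request or the project's code; the package name `example-lib`, its versions and the function names are constructed for illustration.

```javascript
// Constructed sample in the shape of yarn v1 `yarn why` output; the package
// name "example-lib" and all versions are made up for illustration.
const SAMPLE = `
=> Found "example-lib@6.3.0"
info Has been hoisted to "example-lib"
info Reasons this module exists
   - Hoisted from "site#core#example-lib"
   - Hoisted from "site#core#preset-env#example-lib"
=> Found "site-core#example-lib@7.3.8"
info This module exists because "site#core" depends on it.
=> Found "update-tool#example-lib@5.7.1"
info This module exists because "site#core#update-tool" depends on it.
`;

// Parse each `=> Found "<parent>#<name>@<version>"` entry together with the
// dependency chains yarn gives as the reasons that copy is installed.
function parseYarnWhy(text) {
  const entries = [];
  let current = null;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    const found = line.match(/^=> Found "(.+)@([^@"]+)"$/);
    if (found) {
      const path = found[1].split('#');
      const name = path.pop();
      current = { name, parent: path.join('#') || null, version: found[2], reasons: [] };
      entries.push(current);
      continue;
    }
    const reason =
      line.match(/^- (?:Hoisted from )?"([^"]+)"(?: depends on it)?$/) ||
      line.match(/^info This module exists because "([^"]+)" depends on it\.$/);
    if (reason && current) current.reasons.push(reason[1]);
  }
  return entries;
}

// Copies that a single resolution pinned at `pinned` would move to a
// different major version: the dependents worth testing after the pin.
function crossMajor(entries, pinned) {
  const target = pinned.split('.')[0];
  return entries.filter((e) => e.version.split('.')[0] !== target);
}

// Distinct major versions currently installed, sorted ascending.
function majorsInUse(entries) {
  return [...new Set(entries.map((e) => Number(e.version.split('.')[0])))].sort((a, b) => a - b);
}

const parsed = parseYarnWhy(SAMPLE);
console.log('majors installed:', majorsInUse(parsed).join(', '));
for (const e of crossMajor(parsed, '7.5.4')) {
  console.log(`${e.parent || '(hoisted)'}: ${e.version} -> 7.x via ${e.reasons.join('; ')}`);
}
```

Saving the real `yarn why <package>` output to a file and passing its contents to `parseYarnWhy` lists the dependents a pin would force onto a new major version.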
    

@lindboe lindboe marked this pull request as ready for review February 16, 2024 21:57
@lindboe lindboe mentioned this pull request Feb 16, 2024
Contributor

@morganick morganick left a comment

LGTM 👍

Any reason not to use a more current version of yarn?

Contributor

@Jpoliachik Jpoliachik left a comment

lgtm!

Base automatically changed from docusaurus-upgrade to main February 21, 2024 22:20
Contributor Author

lindboe commented Feb 21, 2024

> Any reason not to use a more current version of yarn?

I think you know more about this than I do! I'm used to yarn v1 since it's been the react-native default for so long.

@lindboe lindboe force-pushed the dependabot-upgrades branch from c4abe07 to d88887e Compare February 21, 2024 23:24
@lindboe lindboe merged commit 1066a63 into main Feb 21, 2024
1 check passed
@lindboe lindboe deleted the dependabot-upgrades branch February 21, 2024 23:27
cdanwards pushed a commit that referenced this pull request Feb 28, 2024
cdanwards pushed a commit that referenced this pull request Feb 28, 2024