Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump cross-spawn version to be at least 7.0.5 #3031

Closed
wants to merge 2 commits into from
Closed

chore: bump cross-spawn version to be at least 7.0.5 #3031

wants to merge 2 commits into from
+1,486 −1,915

Conversation

bobbyu99
Copy link
Contributor

@bobbyu99 bobbyu99 commented Nov 18, 2024
edited
Loading

Description of changes

This PR is to fix this dependabot alert. In shot, cross-spawn is used by husky and needs to be bumped to be higher than 7.0.5 for a security patch.

  • bumping husky to ^5.0.0 and cross-spawn to 7.0.6.
CDK / CloudFormation Parameters Changed

Issue #, if available

Description of how you validated changes

Checklist

  • PR description included
  • yarn test passes
  • E2E test run linked
  • Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)
  • New AWS SDK calls or CloudFormation actions have been added to relevant test and service IAM policies
  • Any CDK or CloudFormation parameter changes are called out explicitly

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@bobbyu99 bobbyu99 marked this pull request as ready for review November 18, 2024 21:48
@bobbyu99 bobbyu99 requested a review from a team as a code owner November 18, 2024 21:48
@bobbyu99 bobbyu99 requested a review from a team as a code owner November 18, 2024 21:55
dpilch
dpilch reviewed Nov 18, 2024
View reviewed changes
packages/amplify-data-construct/.jsii
@@ -3991,7 +3991,7 @@
"stability": "stable"
},
"homepage": "https://github.com/aws-amplify/amplify-category-api.git",
"jsiiVersion": "5.5.4 (build 1378d94)",
"jsiiVersion": "5.6.0 (build 7be6ace)",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the JSII version changing?

Copy link
Contributor Author

@bobbyu99 bobbyu99 Nov 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I merged changes from main, then I ran yarn build and yarn test. The JSII version change appears after running yarn build.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It probably shouldn't be changing from modifying the husky version.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lemme try again

@bobbyu99 bobbyu99 closed this Nov 18, 2024
@bobbyu99 bobbyu99 deleted the bump-cross-spawn-version branch November 18, 2024 22:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dpilch dpilch dpilch left review comments

@tejas2008 tejas2008 tejas2008 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bobbyu99 @dpilch @tejas2008