Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FX-5705] Add resolution for babel/core/json5 #344

Merged
merged 1 commit into from
Jul 30, 2024
Merged

[FX-5705] Add resolution for babel/core/json5 #344

merged 1 commit into from
Jul 30, 2024

Conversation

sashuk
Copy link
Collaborator

@sashuk sashuk commented Jul 29, 2024
edited
Loading

FX-5705

Description

This pull request updates @toptal/davinci-qa and @toptal/davinci-syntax versions to have fresher @babel/core that has non-vulnerable json5 as a dependency.

Before (v2.2.1 is vulnerable https://github.com/toptal/topkit/security/dependabot/123)

=> Found "@babel/core#[email protected]"
info This module exists because "@babel#core" depends on it.
info Disk size without dependencies: "288KB"
info Disk size with unique dependencies: "288KB"
info Disk size with transitive dependencies: "288KB"

After

=> Found "[email protected]"
info Has been hoisted to "json5"
info Reasons this module exists
   - Hoisted from "@babel#core#json5"
   - Hoisted from "@toptal#davinci-qa#@babel#core#json5"
   - Hoisted from "@toptal#davinci-syntax#@stylelint#postcss-css-in-js#@babel#core#json5"
   - Hoisted from "@toptal#davinci-syntax#@toptal#eslint-plugin-davinci#require-json5#json5"
   - Hoisted from "@toptal#davinci-qa#jest#@jest#core#@jest#reporters#istanbul-lib-instrument#@babel#core#json5"
info Disk size without dependencies: "292KB"
info Disk size with unique dependencies: "292KB"
info Disk size with transitive dependencies: "292KB"
info Number of shared dependencies: 0
=> Found "tsconfig-paths#[email protected]"
info This module exists because "@toptal#davinci-syntax#eslint-plugin-import#tsconfig-paths" depends on it.

How to test

  • All checks should pass

Development checks

  • [N/A] Add changeset according to guidelines (if needed)
PR commands

List of available commands:

  • @toptal-anvil ping reviewers - Ping FX team for review

@sashuk sashuk self-assigned this Jul 29, 2024
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jul 29, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: 552bef0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@sashuk sashuk marked this pull request as ready for review July 29, 2024 19:00
@sashuk sashuk requested a review from a team July 29, 2024 19:00
@sashuk sashuk marked this pull request as draft July 29, 2024 19:02
@sashuk sashuk marked this pull request as ready for review July 29, 2024 19:11
@sashuk
Copy link
Collaborator Author

sashuk commented Jul 29, 2024

@toptal-anvil ping reviewers

@sashuk sashuk force-pushed the fx-5705-topkit-json5-djcyw82 branch from 5805af9 to c4076a5 Compare July 30, 2024 09:08
@sashuk sashuk force-pushed the fx-5705-topkit-json5-djcyw82 branch from c4076a5 to 552bef0 Compare July 30, 2024 09:13
@sashuk sashuk requested a review from a team July 30, 2024 09:17
@sashuk
Copy link
Collaborator Author

sashuk commented Jul 30, 2024

@toptal-anvil ping reviewers

@sashuk sashuk merged commit 7db629e into master Jul 30, 2024
6 checks passed
@sashuk sashuk deleted the fx-5705-topkit-json5-djcyw82 branch July 30, 2024 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkrl mkrl mkrl approved these changes

@dmaklygin dmaklygin dmaklygin approved these changes

Assignees

@sashuk sashuk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sashuk @dmaklygin @mkrl