security: update dev packages #2023

Merged
merged 5 commits into from
Jan 15, 2025
@colinmurphy colinmurphy commented Jan 10, 2025

Updated packages so we could fix the security vulnerability for nesbot/carbon

We needed to update the dev dependency for lucatume/wp-browser to version 4 and we also had to update the codeception packages too.

Tasks

  • I have signed a Contributor License Agreement (CLA) with WP Engine.
  • If a code change, I have written testing instructions that the whole team & outside contributors can understand.
  • I have written and included a comprehensive changeset to properly document the changes I've made.

Description

Fixes security vulnerability for https://github.com/wpengine/faustjs/security/dependabot/229

It updates the lucatume/wp-browser to remove nesbot/carbon as it needed to be at least version 2.7.6 - https://github.com/wpengine/faustjs/pull/2023/files#diff-52ed4176df556392b4f72b1d0300a7a75d59103da85b7d37b1fa9c849f2f82acL383

I also sorted the packages

Related Issue(s):

Testing

Screenshots

Documentation Changes

Dependant PRs


changeset-bot bot commented Jan 10, 2025

🦋 Changeset detected

Latest commit: b8bbfe9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@faustwp/wordpress-plugin Patch


github-actions bot commented Jan 10, 2025

📦 Next.js Bundle Analysis for @faustwp/getting-started-example

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

@colinmurphy colinmurphy changed the title Security update to update a package security: Update dev packages Jan 10, 2025
@colinmurphy colinmurphy changed the title security: Update dev packages security: update dev packages Jan 10, 2025
},
"require-dev": {
"doctrine/dbal": "^4.0.0",
"nesbot/carbon": "^2.71.0 || ^3.0.0",
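Review bot: the `nesbot/carbon` constraint on the last line, `^2.71.0 || ^3.0.0`, still admits 2.71.0 through 2.71.5, which is below the 2.71.6 minimum given in the comment on this line. If the constraint stays in `require-dev`, raise the floor (for example `^2.71.6 || ^3.0.0`) so that a fresh resolve cannot select a version below that minimum regardless of what the lock file currently pins.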
Contributor Author


Security fix. This needed to be at least 2.71.6 which is why the bot couldn't update cc @theodesp

@colinmurphy colinmurphy marked this pull request as ready for review January 10, 2025 19:19
@colinmurphy colinmurphy requested a review from a team as a code owner January 10, 2025 19:19
@moonmeister moonmeister added the "needs: reviewer response" label (This needs the attention of a codeowner or maintainer) Jan 14, 2025
@colinmurphy colinmurphy merged commit ab06786 into canary Jan 15, 2025
18 checks passed
@colinmurphy colinmurphy deleted the security-update-carbon branch January 15, 2025 16:20