Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: npm audit fixes and lock files #1081

Merged
merged 1 commit into from
Jul 29, 2024
Merged

fix: npm audit fixes and lock files #1081

merged 1 commit into from
Jul 29, 2024

Conversation

joebowbeer
Copy link
Contributor

@joebowbeer joebowbeer commented Jul 27, 2024
edited
Loading

Description

  • Fixes most npm audit issues in quickstarts and tutorials
  • Adds missing package-lock.json files

Also:

As it stands, all the affected code installs and runs. Tested in the devcontainer.

However, there are still some audit issues in two react app clients, but to fix them would require updating the react-scripts, which is not in my wheelhouse.

  • tutorials/distributed-calculator/react-calculator/client
  • tutorials/pub-sub/react-form/client

npm audit output includes:

fix available via npm audit fix --force
Will install [email protected], which is a breaking change

Issue reference

Please reference the issue this PR will close: #1063

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • The quickstart code compiles correctly
  • You've tested new builds of the quickstart if you changed quickstart code
  • You've updated the quickstart's README if necessary
  • If you have changed the steps for a quickstart be sure that you have updated the automated validation accordingly. All of our quickstarts have annotations that allow them to be executed automatically as code. For more information see mechanical-markdown. For user guide with examples see Examples.

@paulyuk paulyuk changed the base branch from master to release-1.14 July 28, 2024 19:01
@paulyuk paulyuk requested review from a team as code owners July 28, 2024 19:01
@paulyuk
Copy link
Contributor

paulyuk commented Jul 28, 2024

Thank you @joebowbeer - this was in pretty bad need of a dependency check. Looks great. I'm trying to ship out of release-1.14 branch given we're in endgame. Could you please sync up and fix merge conflicts there? (just just be package locks fixed up by a new npm install). Then we are likely good to go and I'll take it for the release.

@paulyuk paulyuk self-requested a review July 28, 2024 19:03
@paulyuk paulyuk added language/javascript Pull requests that update Javascript code P1 labels Jul 28, 2024
@paulyuk paulyuk added this to the 1.14 milestone Jul 28, 2024
@joebowbeer
Copy link
Contributor Author

@paulyuk rebased - PTAL

paulyuk
paulyuk approved these changes Jul 29, 2024
View reviewed changes
Copy link
Contributor

@paulyuk paulyuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@paulyuk
Copy link
Contributor

paulyuk commented Jul 29, 2024

just waiting for checks and then we'll merge. Thank you!

@paulyuk paulyuk merged commit c253120 into dapr:release-1.14 Jul 29, 2024
7 checks passed
@joebowbeer joebowbeer deleted the npm-audit-fix branch July 29, 2024 15:51
@paulyuk paulyuk mentioned this pull request Jul 29, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulyuk paulyuk paulyuk approved these changes

Assignees

@joebowbeer joebowbeer

Labels
language/javascript Pull requests that update Javascript code P1
Projects
v1.14 Release Tracking Board
Status: Done
Milestone
1.14
Development

Successfully merging this pull request may close these issues.

javascript quickstarts need npm audit fixes
2 participants
@joebowbeer @paulyuk