Skip to content

Fix security vulnerability and cleanup deps #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Apr 25, 2025
Merged

Fix security vulnerability and cleanup deps #11

merged 5 commits into from
Apr 25, 2025

Conversation

@janvhs
Copy link
Contributor

@janvhs janvhs commented Mar 28, 2025
edited
Loading

During install, npm warned against the following vulnerability
GHSA-67mh-4wv8-2f99 . This commit bumps
the effected esbuild version and vitest, which depends on it.
In addition, I cleaned up the dependency tree, added a fmt
step and made 2 visual corrections to the bench.js script

janvhs added 3 commits March 28, 2025 08:58
@janvhs
Fix security venerability
5f9363e 
During install, npm warned against the following venerability
GHSA-67mh-4wv8-2f99 . This commit bumps
the effected esbuild version and vitest, which depends on it.
@janvhs
Bump and Remove Unused Dependencies, add Formatting
57986b5 
This commit updates prettier, so it now respects and therefore ignores
files in the folder dist.  Furthermore, arg, npm-run-all and globby are
not used and only pull in unused code and therefore cause a wider attack
surface on developer machines
@janvhs
Format Code, and Fix Spacing and Name in bench.js
4f460e5 
The spacing in scripts/bench.js was off, leading to an unconsitent
visual output when running the benchmark.  Furthermore, the benchmark
was still named ultraflags.  Prettier was used to format the rest of the
code
@changeset-bot
Copy link

changeset-bot bot commented Mar 28, 2025

⚠️ No Changeset found

Latest commit: 4f460e5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@janvhs janvhs changed the title Fix security venerability and cleanup deps Fix security vulnerability and cleanup deps Mar 28, 2025
@janvhs
Copy link
Contributor Author

janvhs commented Mar 28, 2025

Typescript could probably be updated at some point as well, but I don't know the bombshell policy on that

@janvhs
Copy link
Contributor Author

janvhs commented Mar 30, 2025

Do i need to do this changeset things?

@natemoo-re
Copy link
Member

natemoo-re commented Mar 31, 2025

@janvhs nah that's okay, it's only needed for changes to the user-facing API! I really appreciate you jumping in with a PR 🙏

I'm actually working on some shared infra for the whole org and was hoping to use this repo to dogfood our formatting. Would you mind pulling the prettier changes out of this PR?

@janvhs
Copy link
Contributor Author

janvhs commented Apr 1, 2025

Sure I‘ll do that!

janvhs added 2 commits April 10, 2025 13:31
@janvhs
Revert "Format Code, and Fix Spacing and Name in bench.js"
59c6d5c 
This reverts commit 4f460e5.
@janvhs
Fix Spacing and Library Name in bench.js
9289c97 
The spacing in scripts/bench.js was off, leading to an unconsitent
visual output when running the benchmark.  Furthermore, the benchmark
was still named ultraflags.
@janvhs
Copy link
Contributor Author

janvhs commented Apr 10, 2025

@natemoo-re Sorry for the delay. Here are the changes as promised!

natemoo-re
natemoo-re approved these changes Apr 25, 2025
View reviewed changes
Copy link
Member

@natemoo-re natemoo-re left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thank you so much for the PR!

@natemoo-re natemoo-re merged commit fea2973 into bombshell-dev:main Apr 25, 2025
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@natemoo-re natemoo-re natemoo-re approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@janvhs @natemoo-re