Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade vite version to address vulnerabilities detected by the Open … #6284

Merged
merged 2 commits into from
Jun 10, 2024
Merged

Upgrade vite version to address vulnerabilities detected by the Open … #6284

merged 2 commits into from
Jun 10, 2024

Conversation

Sahejkm
Copy link
Contributor

@Sahejkm Sahejkm commented Jun 10, 2024

WHAT

Upgrate vite version in scripts/tests/integration/fixtures/lexical-esm-sveltekit-vanilla-js

WHY

Task raised by Meta Open source bot

GitHub has identified a security vulnerability in a package dependency defined in the repository, facebook/lexical.

Package Dependency
Repository: facebook/lexical
Manifest file: scripts/tests/integration/fixtures/lexical-esm-sveltekit-vanilla-js/package-lock.json
Package name: vite
Affected versions: >= 5.1.0, <= 5.1.6
Fixed in version: 5.1.7
Severity: MODERATE

References
GHSA-8jhw-289h-jh2g
vitejs/vite@011bbca
vitejs/vite@5a056dd
vitejs/vite@89c7c64
vitejs/vite@96a7f3a
vitejs/vite@ba5269c
vitejs/vite@d2db33f
https://nvd.nist.gov/vuln/detail/CVE-2024-31207
GHSA-8jhw-289h-jh2g

@vercel Vercel
Copy link

vercel bot commented Jun 10, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
lexical ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 10, 2024 7:14am
lexical-playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 10, 2024 7:14am

@facebook-github-bot facebook-github-bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Jun 10, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 10, 2024
edited
Loading

size-limit report 📦

Path Size
lexical - cjs 28.31 KB (0%)
lexical - esm 28.13 KB (0%)
@lexical/rich-text - cjs 36.77 KB (0%)
@lexical/rich-text - esm 28.09 KB (0%)
@lexical/plain-text - cjs 35.36 KB (0%)
@lexical/plain-text - esm 25.33 KB (0%)
@lexical/react - cjs 38.51 KB (0%)
@lexical/react - esm 29.14 KB (0%)

@Sahejkm Sahejkm marked this pull request as ready for review June 10, 2024 07:19
@Sahejkm Sahejkm mentioned this pull request Jun 10, 2024
Closed
@Sahejkm
Copy link
Contributor Author

Sahejkm commented Jun 10, 2024
edited
Loading

Test failures look like flaky tests, updated in the other Issue for tracking failing tests in CI

@Sahejkm Sahejkm added this pull request to the merge queue Jun 10, 2024
Merged via the queue into main with commit ba9e8af Jun 10, 2024
36 of 39 checks passed
This was referenced Jul 23, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ivailop7 ivailop7 ivailop7 approved these changes

@zurfyx zurfyx Awaiting requested review from zurfyx zurfyx is a code owner

@fantactuka fantactuka Awaiting requested review from fantactuka fantactuka is a code owner

@acywatson acywatson Awaiting requested review from acywatson acywatson is a code owner

@Fetz Fetz Awaiting requested review from Fetz Fetz is a code owner

@potatowagon potatowagon Awaiting requested review from potatowagon potatowagon is a code owner

Assignees
No one assigned
Labels
CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Sahejkm @ivailop7 @facebook-github-bot