Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

address micromatch vulnerability #6616

Merged
merged 1 commit into from
Sep 11, 2024
Merged

address micromatch vulnerability #6616

merged 1 commit into from
Sep 11, 2024

Conversation

potatowagon
Copy link
Contributor

@potatowagon potatowagon commented Sep 10, 2024
edited
Loading

@vercel Vercel
Copy link

vercel bot commented Sep 10, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
lexical ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 11, 2024 6:34am
lexical-playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 11, 2024 6:34am

@facebook-github-bot facebook-github-bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Sep 10, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 10, 2024
edited
Loading

size-limit report 📦

Path Size
lexical - cjs 29.77 KB (0%)
lexical - esm 29.6 KB (0%)
@lexical/rich-text - cjs 38.24 KB (0%)
@lexical/rich-text - esm 31.46 KB (0%)
@lexical/plain-text - cjs 36.82 KB (0%)
@lexical/plain-text - esm 28.86 KB (0%)
@lexical/react - cjs 40.01 KB (0%)
@lexical/react - esm 32.93 KB (0%)

acywatson
acywatson reviewed Sep 10, 2024
View reviewed changes
package.json Outdated
@@ -188,6 +188,7 @@
"vite": "^5.2.11"
},
"dependencies": {
"micromatch": "^4.0.8",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we adding this dep to the monorepo package.json?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm yea perhaps i installed in the wrong page path

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh i saw wrongly, micromatch is a downstream dependency of a few installed dependencies. will figure a way to update correctly

Copy link
Contributor Author

@potatowagon potatowagon Sep 11, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ran npm update micromatch (prev i ran the wrong cmd)

@potatowagon potatowagon marked this pull request as draft September 10, 2024 14:23
@potatowagon potatowagon reopened this Sep 11, 2024
@potatowagon potatowagon marked this pull request as ready for review September 11, 2024 06:32
@potatowagon potatowagon added the extended-tests Run extended e2e tests on a PR label Sep 11, 2024
@potatowagon potatowagon added this pull request to the merge queue Sep 11, 2024
Merged via the queue into main with commit db093f7 Sep 11, 2024
77 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@acywatson acywatson acywatson left review comments

@freddymeta freddymeta freddymeta approved these changes

@abhijitt abhijitt abhijitt approved these changes

@zurfyx zurfyx Awaiting requested review from zurfyx zurfyx is a code owner

@fantactuka fantactuka Awaiting requested review from fantactuka fantactuka is a code owner

@Fetz Fetz Awaiting requested review from Fetz Fetz is a code owner

@ivailop7 ivailop7 Awaiting requested review from ivailop7 ivailop7 is a code owner

@Sahejkm Sahejkm Awaiting requested review from Sahejkm Sahejkm is a code owner

Assignees
No one assigned
Labels
CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. extended-tests Run extended e2e tests on a PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@potatowagon @abhijitt @acywatson @freddymeta @facebook-github-bot