Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat!: update workbox to 7.3.0 #781

Merged
merged 2 commits into from
Nov 13, 2024
Merged

feat!: update workbox to 7.3.0 #781

merged 2 commits into from
Nov 13, 2024
+1,465 −976

Conversation

userquin
Copy link
Member

@userquin userquin commented Nov 12, 2024
edited
Loading

Description

This PR also includes:

  • fix Rollup build XSS vulnerability (CVE-2024-43788): removed rollup from dev dependencies adding it to "pnpm.overrides"
  • use node:module to fix Dynamic require of "workbox-build" error

With this PR the plugin can still be used with Vite 3.

supersedes #759

Linked Issues

resolves #667
resolves #758

Additional Context

Tip

The author of this PR can publish a preview release by commenting /publish below.

@netlify Netlify
Copy link

netlify bot commented Nov 12, 2024
edited
Loading

Deploy Preview for vite-plugin-pwa-legacy ready!

Name Link
🔨 Latest commit 5feb7a1
🔍 Latest deploy log https://app.netlify.com/sites/vite-plugin-pwa-legacy/deploys/67332e362f55ba0008723e5e
😎 Deploy Preview https://deploy-preview-781--vite-plugin-pwa-legacy.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@userquin
Copy link
Member Author

/publish

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Nov 12, 2024 

pnpm add https://pkg.pr.new/vite-plugin-pwa@781

commit: 5feb7a1

This was referenced Nov 12, 2024
Closed
Closed
@userquin userquin merged commit e01e4ce into main Nov 13, 2024
7 checks passed
@userquin userquin deleted the userquin/feat-update-workbox-deps branch November 13, 2024 10:17
@userquin userquin mentioned this pull request Nov 13, 2024
Merged
@jochen-lise
Copy link

jochen-lise commented Nov 18, 2024
edited
Loading

Hello, the release of this PR (0.21.0) is marked with a breaking change. What exactly is breaking? So I can check if i have to adjust something in my project. I am not into workbox etc so i dont see it from just the dependency update.

edit: ah i think i found it over in workbox as you jump from 6.5 to 7.3:

Workbox v7.0.0
⚠️ Breaking changes

Minimum required version Node 16

@userquin
Copy link
Member Author

userquin commented Nov 18, 2024
edited
Loading

rollup version updated to fix XSS vulnerability

@jochen-lise
Copy link

Sorry if I'm making an extra effort, but I don't understand. Can you explain to me what the breaking change is and whether I have to pay attention to anything as a user of the plugin?

@userquin
Copy link
Member Author

Rollup removed in this PR and workbox changed the rollup version to fix the vulnerability (also Vite), if you're not using rollup in your app directly you can just update dependencies, it should work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cr-tracked
Projects
None yet
Milestone
No milestone
2 participants
@userquin @jochen-lise