Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issues/406 latest cves #407

Merged
merged 2 commits into from
Sep 24, 2024
Merged

Issues/406 latest cves #407

merged 2 commits into from
Sep 24, 2024

Conversation

parksjr
Copy link
Contributor

@parksjr parksjr commented Sep 24, 2024

Related Issue(s):

Proposed Changes:

  1. Resolves moderate CVEs by upgrading a few dev dependencies
  2. Adds cross-env package to set NODE_ENV before running tests, which was a fix for a side effect of upgrading vite to latest 5.1.x patch

PR Checklist:

  • I have added my changes to the CHANGELOG or a CHANGELOG entry is not required.

parksjr
parksjr commented Sep 24, 2024
View reviewed changes
package.json
@@ -73,7 +73,7 @@
"build": "tsc && vite build",
"serve": "vite preview --outDir build",
"test": "vitest",
"test-pre-commit": "vitest --run",
"test-pre-commit": "cross-env NODE_ENV=test vitest --run",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While the other changes to packages in here were directly related to CVEs, this change, along with the adding of the cross-env package, was a result of a side effect after patch upgrading vite.

In the pre-commit hook, tests were running in production env, and resulting in this error:

act(...) is not supported in production builds of React

Setting NODE_ENV=test before running ensure it runs in test environment, and doesn't have an issue with act(...). Using the cross-env package for that is to make setting the variable as platform agnostic as possible.

Thanks to this github issue discussion: Github issue discussion

@ircwaves
Copy link

This all looks good, but under the green check marks, we do have a pipeline warning:

The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, actions/setup-node@v3. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

Maybe that is just another ticket for the backlog.

@parksjr
Copy link
Contributor Author

parksjr commented Sep 24, 2024

Closes #406

@parksjr parksjr linked an issue Sep 24, 2024 that may be closed by this pull request
Resolve latest round of vite CVEs (5 moderate) #406
Closed
@parksjr
Copy link
Contributor Author

parksjr commented Sep 24, 2024

New issue to address the pipeline node version warning here: #408

@parksjr parksjr merged commit 5299b99 into main Sep 24, 2024
3 checks passed
@parksjr parksjr deleted the issues/406-latest-cves branch September 24, 2024 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hectormachin hectormachin hectormachin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Resolve latest round of vite CVEs (5 moderate)
3 participants
@parksjr @ircwaves @hectormachin