upgrade sanity version #277

Merged
merged 3 commits into from
Mar 18, 2024

@Burnett2k Burnett2k commented Mar 14, 2024

Description

This change moves to a newer version of sanity which doesn't reference a vite vulnerability. A separate PR will be created to update vitest which also references a vulnerable vite version.

helps close #274

The latest is 3.33.0, but I figured to reduce risk I'd do the minimum bumping needed to get past the vite issue. More than happy to upgrade to latest though. One benefit of 3.29.0 and up is that they're signed and have provenance turned on.

More info on vite vulnerability

Essentially, we just need to be on > 4.5.2 or later

Output of pnpm why vite -r after the upgrade (vitest has been omitted since it's a dev dependency and will be handled in another pull request):

❯ pn why vite -r
Legend: production dependency, optional only, dev only

playground-example@0.0.1 /Users/sawyerburnett/git-repos/formidable/groqd/examples/playground-example

dependencies:
groqd-playground link:../../packages/groqd-playground
└─┬ sanity 3.15.0
  ├─┬ @vitejs/plugin-react 4.2.1
  │ └── vite 4.5.2 peer
  └── vite 4.5.2
sanity 3.15.0
├─┬ @vitejs/plugin-react 4.2.1
│ └── vite 4.5.2 peer
└── vite 4.5.2

groqd-playground@0.0.18 /Users/sawyerburnett/git-repos/formidable/groqd/packages/groqd-playground

dependencies:
sanity 3.15.0
├─┬ @vitejs/plugin-react 4.2.1
│ └── vite 4.5.2 peer
└── vite 4.5.2

Type of Change

  • dependency update

How Has This Been Tested?

Unit tests have been run and passed. Sanity changelog was reviewed for breaking changes.

Checklist: (Feel free to delete this section upon completion)

  • I have performed a self-review of my own code
  • I have run all builds, tests, and linting and all checks pass
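
An added example, not part of the original pull request or the project's code: one way to automate the check the description does by eye, parsing `pnpm why vite -r` text output and reporting every vite resolution below a floor. The function names are hypothetical, the sample input is constructed (modelled on the output above, with an invented failing project), and treating 4.5.2 as an inclusive minimum is an assumption based on the post-upgrade output shown.

```javascript
// Constructed sample modelled on the `pnpm why vite -r` output quoted in the PR.
// The "old-example" project and its vite 4.4.9 entry are invented to show a failing case.
const SAMPLE = `
playground-example@0.0.1 /repo/examples/playground-example

dependencies:
groqd-playground link:../../packages/groqd-playground
└─┬ sanity 3.15.0
  ├─┬ @vitejs/plugin-react 4.2.1
  │ └── vite 4.5.2 peer
  └── vite 4.5.2

old-example@0.0.1 /repo/examples/old-example

dependencies:
sanity 3.14.0
└── vite 4.4.9
`;

// Numeric x.y.z comparison (so 4.5.10 > 4.5.2); prerelease tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Hypothetical helper: list every vite resolution below minVersion, with the
// workspace project and the dependency chain that pulls it in.
function findOldVite(whyOutput, minVersion) {
  const findings = [];
  const stack = []; // ancestor chain, indexed by tree depth
  let project = null;
  for (const line of whyOutput.split("\n")) {
    const header = line.match(/^(\S+@\d+\.\d+\.\d+\S*) \//);
    if (header) { project = header[1]; stack.length = 0; continue; }
    const m = line.match(/^([\s│├└─┬]*)(\S+) (\S+)( peer)?$/);
    if (!m || project === null) continue;
    const [, prefix, name, version, peer] = m;
    // Tree prefixes are 0, 4, 6, 8... characters wide for depth 0, 1, 2, 3...
    const depth = prefix.length === 0 ? 0 : prefix.length / 2 - 1;
    stack.length = Math.min(depth, stack.length);
    stack.push(`${name}@${version}`);
    if (name === "vite" && /^\d+\.\d+\.\d+/.test(version) &&
        compareVersions(version, minVersion) < 0) {
      findings.push({ project, path: stack.join(" > "), version, peer: Boolean(peer) });
    }
  }
  return findings;
}
```

An empty result from `findOldVite(output, "4.5.2")` means every resolved copy, including peer resolutions, is at or above the floor; a CI step can fail the build on a non-empty result.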


changeset-bot bot commented Mar 14, 2024

🦋 Changeset detected

Latest commit: ac23945

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
playground-example Patch
groqd-playground Patch


vercel bot commented Mar 14, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment
Name Status Preview Comments Updated (UTC)
groqd ⬜️ Ignored (Inspect) Visit Preview Mar 18, 2024 6:22pm

@Burnett2k Burnett2k marked this pull request as ready for review March 18, 2024 18:16
@scottrippey

Nothing tricky about this one, thanks for updating!

@Burnett2k Burnett2k merged commit 3fa5b46 into main Mar 18, 2024
4 checks passed
@Burnett2k Burnett2k deleted the issue/274 branch March 18, 2024 20:18
@github-actions github-actions bot mentioned this pull request Mar 18, 2024
Development

Successfully merging this pull request may close these issues.

groqd: remediate critical and high security warnings
2 participants