Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: update transitive deps to quiet vulnerability alerts #13538

Merged
merged 8 commits into from
Jan 4, 2022
Merged

deps: update transitive deps to quiet vulnerability alerts #13538

merged 8 commits into from
Jan 4, 2022

Conversation

brendankenny
Copy link
Member

These are all from devDeps, so not a big deal, but a lot have built up. There's one remaining, tracked in sindresorhus/cpy#98 (nobody pass a pathological regex while copying over extension files to dist/!).

Separated by commit just in case someone cares :)

@brendankenny brendankenny requested a review from a team as a code owner January 4, 2022 23:28
@brendankenny brendankenny requested review from connorjclark and removed request for a team January 4, 2022 23:28
brendankenny
brendankenny commented Jan 4, 2022
View reviewed changes
package.json
Comment on lines -98 to -100
"@firebase/app-types": "0.3.1",
"@firebase/auth-types": "0.3.2",
"@firebase/util": "0.2.1",
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe these were a merge error. Removed when firebase was updated for Viewer in #13115, but added back in #12771. Could not figure out what part of the rollup process they were for, until I remembered that was just a long-lived PR and those lines probably just snuck back in. cc @connorjclark just in case

brendankenny
brendankenny commented Jan 4, 2022
View reviewed changes
yarn.lock
@@ -8522,28 +8375,18 @@ write-file-atomic@^3.0.0:
signal-exit "^3.0.2"
typedarray-to-buffer "^3.1.5"

[email protected], ws@^7.0.0, ws@^7.4.5:
[email protected], ws@>=7.4.6, ws@^7.0.0, ws@^7.3.1, ws@^7.4.5:
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actual dep ws@^7.0.0 wasn't changed here

@devtools-bot devtools-bot merged commit abea68f into master Jan 4, 2022
@devtools-bot devtools-bot deleted the olddeps branch January 4, 2022 23:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@connorjclark connorjclark connorjclark approved these changes

Assignees

@connorjclark connorjclark

Labels
waiting4reviewer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@brendankenny @connorjclark @devtools-bot