@colinmurphy colinmurphy commented Jan 10, 2025

Updated packages so we could fix the security vulnerability for nesbot/carbon

We needed to update the dev dependency for lucatume/wp-browser to version 4 and we also had to update the codeception packages too.

Tasks

  • I have signed a Contributor License Agreement (CLA) with WP Engine.
  • If a code change, I have written testing instructions that the whole team & outside contributors can understand.
  • I have written and included a comprehensive changeset to properly document the changes I've made.

Description

Fixes security vulnerability for https://github.com/wpengine/faustjs/security/dependabot/229

It updates the lucatume/wp-browser to remove nesbot/carbon as it needed to be at least version 2.7.6 - https://github.com/wpengine/faustjs/pull/2023/files#diff-52ed4176df556392b4f72b1d0300a7a75d59103da85b7d37b1fa9c849f2f82acL383

I also sorted the packages

Related Issue(s):

Testing

Screenshots

Documentation Changes

Dependant PRs


changeset-bot bot commented Jan 10, 2025

🦋 Changeset detected

Latest commit: b8bbfe9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@faustwp/wordpress-plugin Patch


github-actions bot commented Jan 10, 2025

📦 Next.js Bundle Analysis for @faustwp/getting-started-example

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

@colinmurphy colinmurphy changed the title Security update to update a package security: Update dev packages Jan 10, 2025
@colinmurphy colinmurphy changed the title security: Update dev packages security: update dev packages Jan 10, 2025
},
"require-dev": {
"doctrine/dbal": "^4.0.0",
"nesbot/carbon": "^2.71.0 || ^3.0.0",
Member Author


Security fix. This needed to be at least 2.71.6 which is why the bot couldn't update cc @theodesp

@colinmurphy colinmurphy marked this pull request as ready for review January 10, 2025 19:19
@colinmurphy colinmurphy requested a review from a team as a code owner January 10, 2025 19:19
@moonmeister moonmeister added the "needs: reviewer response" label (This needs the attention of a codeowner or maintainer) Jan 14, 2025
@colinmurphy colinmurphy merged commit ab06786 into canary Jan 15, 2025
18 checks passed
@colinmurphy colinmurphy deleted the security-update-carbon branch January 15, 2025 16:20