Skip to content

yarn upgrade + dep fix #10725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 11, 2022
Merged

yarn upgrade + dep fix #10725

merged 1 commit into from
Feb 11, 2022

Conversation

@paul-marechal
Copy link
Member

@paul-marechal paul-marechal commented Feb 8, 2022
edited by vince-fugnitto
Loading

What it does

The pull-request includes the following changes:

  • performs a yarn upgrade on the repo, consequently resolving known security vulnerabilities from dependencies.
  • sets @electron/remote range to avoid version 2.0.4 as the typings are bogus (fixed upstream but not yet in a patch release).

How to test

  • confirm that the repo builds, and the application starts normally
  • confirm that the tests pass
  • confirm no simple-get vulnerability exists (ex: yarn audit | grep "simple-get")

Review checklist

Reminder for reviewers

Signed-off-by: vince-fugnitto [email protected]

@paul-marechal paul-marechal added quality issues related to code and application quality dependencies pull requests that update a dependency file labels Feb 8, 2022
@vince-fugnitto
Copy link
Member

vince-fugnitto commented Feb 8, 2022
edited by paul-marechal
Loading

I've opened the automatic IP Due Diligence Issues:

@vince-fugnitto vince-fugnitto force-pushed the mp/yarn-upgrade branch 2 times, most recently from 3301674 to 7a33f39 Compare February 10, 2022 18:32
@paul-marechal @vince-fugnitto
yarn upgrade + dep fix
5afb757 
The commit includes the following updates:
- performs a `yarn upgrade` and consequently resolves dependency issues
  such as `simple-get` pulled transitively by `drivelist`.
-sets `@electron/remote` range to avoid version `2.0.4` as the typings are
bogus.
@vince-fugnitto vince-fugnitto mentioned this pull request Feb 11, 2022
Merged
1 task
@vince-fugnitto
Copy link
Member

vince-fugnitto commented Feb 11, 2022

The dependencies are now approved 👍

@colin-grant-work
Copy link
Contributor

colin-grant-work commented Feb 11, 2022
edited
Loading

In smoke tests of both browser and Electron applications, everything seemed to be working fine. During the Electron rebuild portion of the build, I did see some compiler warnings that I'm not used to seeing, but the build succeeded and everything looked fine, so I'm not sure whether the output reflects change in dependencies or change in warning behavior of my local native build chain.

Processed "drivelist"
⠙ Building module: drivelist, Completed: 0  CXX(target) Release/obj.target/drivelist/src/drivelist.o
⠼ Building module: drivelist, Completed: 0  CXX(target) Release/obj.target/drivelist/src/device-descriptor.o
⠼ Building module: drivelist, Completed: 0  CXX(target) Release/obj.target/drivelist/src/darwin/list.o
⠹ Building module: drivelist, Completed: 0  CXX(target) Release/obj.target/drivelist/src/darwin/REDiskList.o
⠧ Building module: drivelist, Completed: 0../src/darwin/REDiskList.m:29:13: warning: 'NSArray' may not respond to 'sortUsingSelector:'
    [_disks sortUsingSelector:@selector(localizedCaseInsensitiveCompare:)];
     ~~~~~~ ^
1 warning generated.
⠇ Building module: drivelist, Completed: 0  SOLINK_MODULE(target) Release/drivelist.node
⠸ Building module: find-git-repositories, Completed: 1  CC(target) Release/obj.target/openpa/openpa/src/opa_primitives.o
⠼ Building module: find-git-repositories, Completed: 1  CC(target) Release/obj.target/openpa/openpa/src/opa_queue.o
⠴ Building module: find-git-repositories, Completed: 1  LIBTOOL-STATIC Release/openpa.a
⠇ Building module: find-git-repositories, Completed: 1  CXX(target) Release/obj.target/findGitRepos/src/FindGitRepos.o
⠴ Building module: find-git-repositories, Completed: 1../src/FindGitRepos.cpp:270:28: warning: 'Call' is deprecated [-Wdeprecated-declarations]
  baton->progressCallback->Call(1, argv);
                           ^
../../nan/nan.h:1743:3: note: 'Call' has been explicitly marked deprecated here
  NAN_DEPRECATED inline v8::Local<v8::Value>
  ^
../../nan/nan.h:108:40: note: expanded from macro 'NAN_DEPRECATED'
# define NAN_DEPRECATED __attribute__((deprecated))
                                       ^
../src/FindGitRepos.cpp:294:13: warning: 'Call' is deprecated [-Wdeprecated-declarations]
  callback->Call(1, argv);
            ^
../../nan/nan.h:1743:3: note: 'Call' has been explicitly marked deprecated here
  NAN_DEPRECATED inline v8::Local<v8::Value>
  ^
../../nan/nan.h:108:40: note: expanded from macro 'NAN_DEPRECATED'
# define NAN_DEPRECATED __attribute__((deprecated))
                                       ^
⠏ Building module: find-git-repositories, Completed: 12 warnings generated.
⠋ Building module: find-git-repositories, Completed: 1  CXX(target) Release/obj.target/findGitRepos/src/Queue.o
⠴ Building module: find-git-repositories, Completed: 1  SOLINK_MODULE(target) Release/findGitRepos.node

Since we recently updated electron-rebuild, that seems the most likely cause.

colin-grant-work
colin-grant-work approved these changes Feb 11, 2022
View reviewed changes
Copy link
Contributor

@colin-grant-work colin-grant-work left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apart from the new warnings from electron-rebuild, which seem to be unrelated to this PR, this looks good to me.

@vince-fugnitto vince-fugnitto merged commit f05fb11 into master Feb 11, 2022
@vince-fugnitto vince-fugnitto deleted the mp/yarn-upgrade branch February 11, 2022 16:31
@github-actions github-actions bot added this to the 1.23.0 milestone Feb 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@colin-grant-work colin-grant-work colin-grant-work approved these changes

@vince-fugnitto vince-fugnitto Awaiting requested review from vince-fugnitto

Assignees

No one assigned

Labels

dependencies pull requests that update a dependency file quality issues related to code and application quality

Projects

None yet

Milestone

1.23.0

Development

Successfully merging this pull request may close these issues.

4 participants

@paul-marechal @vince-fugnitto @colin-grant-work