Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependencies of @transloadit/analyze-step #42

Merged
merged 5 commits into from
Oct 31, 2023
Merged

Update dependencies of @transloadit/analyze-step #42

merged 5 commits into from
Oct 31, 2023

Conversation

nickrttn
Copy link
Contributor

Updates dependencies to get rid of underscore, a dependency of a dependency, which has a critical security vulnerability, as reported on our private website repo. As a bonus, bundle size savings.

@nickrttn nickrttn requested a review from kvz October 31, 2023 10:54
@kvz kvz enabled auto-merge (squash) October 31, 2023 13:19
@kvz
Copy link
Member

kvz commented Oct 31, 2023

Stuck on this now 🤔

FAIL packages/analyze-step/src/analyzeStep.test.ts
  ● Test suite failed to run

    Jest encountered an unexpected token

    Jest failed to parse a file. This happens e.g. when your code or its dependencies use non-standard JavaScript syntax, or when Jest is not configured to support such syntax.

    Out of the box Jest supports Babel, which will be used to transform your files into valid JS based on your Babel configuration.

    By default "node_modules" folder is ignored by transformers.

    Here's what you can do:
     • If you are trying to use ECMAScript Modules, see https://jestjs.io/docs/ecmascript-modules for how to enable it.
     • If you are trying to use TypeScript, see https://jestjs.io/docs/getting-started#using-typescript
     • To have some of your "node_modules" files transformed, you can specify a custom "transformIgnorePatterns" in your config.
     • If you need a custom transformation specify a "transform" option in your config.
     • If you simply want to mock your non-JS modules (e.g. binary assets) you can stub them out with the "moduleNameMapper" config option.

    You'll find more details and examples of these config options in the docs:
    https://jestjs.io/docs/configuration
    For information about custom transformations, see:
    https://jestjs.io/docs/code-transformation

    Details:

    /home/runner/work/monolib/monolib/node_modules/lodash-es/lodash.js:10
    export { default as add } from './add.js';
    ^^^^^^

    SyntaxError: Unexpected token 'export'

       5 | import inflect from 'inflection'
       6 | import { JSONPath } from 'jsonpath-plus'
    >  7 | import { clone, countBy, get, has } from 'lodash-es'
         | ^
       8 |
       9 | function humanJoin(array: string[], reduce = true, glueword = 'and'): string {
      10 |   let countedArray = array

      at Runtime.createScriptFromCode (node_modules/jest-runtime/build/index.js:1505:14)
      at Object.<anonymous> (packages/analyze-step/src/analyzeStep.ts:7:1)
      at Object.<anonymous> (packages/analyze-step/src/analyzeStep.test.ts:2:1)

@kvz kvz merged commit dc263d6 into main Oct 31, 2023
2 checks passed
@kvz kvz deleted the fix-sec-jsonpath branch October 31, 2023 13:52
@kvz
Copy link
Member

kvz commented Oct 31, 2023

Successfully published:

@kvz
Copy link
Member

kvz commented Oct 31, 2023

https://github.com/transloadit/content/pull/3125

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kvz kvz kvz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nickrttn @kvz