Skip to content

chore: upgrade xml2js and codemirror plugins #10463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 17, 2024
Merged

chore: upgrade xml2js and codemirror plugins #10463

merged 3 commits into from
Feb 17, 2024

Conversation

benmccann
Copy link
Member

This has been causing a security warning forever that's been impossible to get rid of. The dependency blocking the upgrade was finally fixed today

This PR is against the main branch. See #10462 for the svelte-4 version

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Feb 12, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: 912a0d2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@benmccann benmccann mentioned this pull request Feb 12, 2024
Merged
dummdidumm
dummdidumm requested changes Feb 13, 2024
View reviewed changes
@dummdidumm dummdidumm mentioned this pull request Feb 13, 2024
Merged
5 tasks
@benmccann benmccann requested a review from dummdidumm February 16, 2024 17:08
@Rich-Harris
Copy link
Member

man, you can't win — getting rid of dupes is a game of whack-a-mole. pnpm up -r --latest makes it much worse

that said we are behind on a few deps, would be good to update some of them

@benmccann
Copy link
Member Author

I don't think we have to be perfect. As long as we don't have duplicates of codemirror (which would break things) or things like esbuild that have dozens of dependencies and explode the lockfile I think it's fine

@Rich-Harris
Copy link
Member

agree, it's just a bummer to have like @types/[email protected] and @types/[email protected]. what are we doing, as an industry

@Rich-Harris Rich-Harris merged commit 49ad7f9 into main Feb 17, 2024
@Rich-Harris Rich-Harris deleted the xml2js-main branch February 17, 2024 16:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dummdidumm dummdidumm Awaiting requested review from dummdidumm

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@benmccann @Rich-Harris @dummdidumm