Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump dependencies to fix vulnerabilities #14697

Merged
merged 9 commits into from
Oct 17, 2024
Merged

Bump dependencies to fix vulnerabilities #14697

merged 9 commits into from
Oct 17, 2024

Conversation

RobinMalfait
Copy link
Member

This PR fixes some package vulnerabilities that you will see when running npm install. This PR fixes that by bumping dependencies to get rid of the vulnerabilities.

@RobinMalfait
npm audit fix
5689575
@RobinMalfait
bump dependencies
75c37eb 
Most of them were already installed because of the `^` in the version.
But this commit syncs the `package.json` file with those versions.

This does not bump dependencies to major versions.
@RobinMalfait
update changelog
9b4e0e0
@RobinMalfait RobinMalfait marked this pull request as draft October 17, 2024 10:04
thecrypticace
thecrypticace requested changes Oct 17, 2024
View reviewed changes
Copy link
Contributor

@thecrypticace thecrypticace left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to npm install in standalone-cli too to update its lockfile.

@RobinMalfait RobinMalfait marked this pull request as ready for review October 17, 2024 10:33
@RobinMalfait RobinMalfait changed the title Bump dependecies to fix vulnerabilities Bump dependencies to fix vulnerabilities Oct 17, 2024
@RobinMalfait RobinMalfait enabled auto-merge (squash) October 17, 2024 10:37
@RobinMalfait RobinMalfait merged commit c8c3a22 into main Oct 17, 2024
13 checks passed
@RobinMalfait RobinMalfait deleted the fix/issue-14696 branch October 17, 2024 10:41
philipp-spiess
philipp-spiess reviewed Oct 17, 2024
View reviewed changes
CHANGELOG.md
- Nothing yet!
### Fixed

- Bump dependencies to fix vulnerabilities ([#14697](https://github.com/tailwindlabs/tailwindcss/pull/14697))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we end up bundling vulnerable code here? "Fix vulnerabilities" makes it sound like we had a vulnerability in Tailwind CSS which might be a bit too alarming.

In the past we used the wording "Bump versions for security vulnerabilities" which gave it a more passive sound. WDYT?

@RobinMalfait RobinMalfait mentioned this pull request Oct 17, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philipp-spiess philipp-spiess philipp-spiess left review comments

@thecrypticace thecrypticace thecrypticace approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@RobinMalfait @philipp-spiess @thecrypticace