chore: manual dependabot - minimist #4377

Merged
merged 5 commits into from
Oct 9, 2024

emilyjablonski commented Oct 8, 2024

commitizen has a dependency cz-conventional-changelog which itself depends on a vulnerable version of minimist - and it isn't a ranged dependency, so it is explicitly pulling in the vulnerable version. I was able to upgrade commitizen and remove cz-conventional-changelog because we aren't using it anymore.

Dependabot alert
Issue in commitizen

Description

I ensured that even with removing the conventional changelog setup, commitizen still works for me locally.

How Can This Be Tested/Reviewed?

If you have commitizen set up locally, you can try committing with an unformatted commit and ensure it fails.

Author Checklist:

  • Added QA notes to the issue with applicable URLs
  • Reviewed in a desktop view
  • Reviewed in a mobile view
  • Reviewed considering accessibility
  • Added tests covering the changes
  • Made corresponding changes to the documentation
  • Ran yarn generate:client and/or created a migration when required

Review Process:

  • Read and understand the issue
  • Ensure the author has added QA notes
  • Review the code itself from a style point of view
  • Pull the changes down locally and test that the acceptance criteria are met
  • Either (1) explicitly ask a clarifying question, (2) request changes, or (3) approve the PR, even if there are very small remaining changes, if you don't need to re-review after the updates
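
The situation in the PR description, a dependent that requests minimist with an exact version instead of a range, can be confirmed by scanning the lockfile for every package that requests it. This is an added example, not code from the pull request or the project: it assumes a Yarn v1 format `yarn.lock`, the lockfile excerpt and its versions are constructed, `example-cli` is a hypothetical package, and `findRequesters` and `isExactSpec` are hypothetical helper names.

```javascript
// Constructed yarn.lock (v1 format) excerpt. Versions are made up and "example-cli"
// is hypothetical; only the other three package names come from the PR text.
const SAMPLE_LOCK = `
commitizen@^9.9.0:
  version "9.9.1"
  dependencies:
    cz-conventional-changelog "9.9.0"

cz-conventional-changelog@9.9.0:
  version "9.9.0"
  dependencies:
    minimist "9.9.5"

example-cli@^9.9.0:
  version "9.9.3"
  dependencies:
    minimist "^9.9.5"
`;

// Exact spec = bare version with no range operator (^, ~, >=, x, *, ||, ...).
function isExactSpec(spec) {
  return /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(spec.trim());
}

// List every lockfile entry that requests `target`, with the spec it asked for.
function findRequesters(lockText, target) {
  const results = [];
  let current = null; // package name of the entry being read
  let inDeps = false; // inside a dependencies/optionalDependencies block
  for (const line of lockText.split(/\r?\n/)) {
    if (!line.trim() || line.trimStart().startsWith("#")) continue;
    const indent = line.length - line.trimStart().length;
    if (indent === 0) {
      // Header, e.g.  "@scope/pkg@^1.0.0", "@scope/pkg@^1.2.0":
      const first = line.trimEnd().replace(/:$/, "").split(",")[0].trim().replace(/^"|"$/g, "");
      current = first.slice(0, first.lastIndexOf("@"));
      inDeps = false;
    } else if (indent === 2) {
      inDeps = /^(optionalD|d)ependencies:$/.test(line.trim());
    } else if (inDeps && indent === 4) {
      const m = line.trim().match(/^"?([^"\s]+)"?\s+"?([^"]+)"?$/);
      if (m && m[1] === target) {
        results.push({ requester: current, spec: m[2], pinned: isExactSpec(m[2]) });
      }
    }
  }
  return results;
}
console.log(findRequesters(SAMPLE_LOCK, "minimist"));
```

A requester reported with `pinned: true` will keep resolving that exact version no matter what the top-level project asks for, so the fix has to come from upgrading or removing the requester (or an explicit resolution override), as was done here.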

netlify bot commented Oct 8, 2024

Deploy Preview for partners-bloom-dev ready!

Name Link
🔨 Latest commit 8588d9c
🔍 Latest deploy log https://app.netlify.com/sites/partners-bloom-dev/deploys/6706d9fc01064a00085f5a26
😎 Deploy Preview https://deploy-preview-4377--partners-bloom-dev.netlify.app

netlify bot commented Oct 8, 2024

Deploy Preview for bloom-exygy-dev ready!

Name Link
🔨 Latest commit 8588d9c
🔍 Latest deploy log https://app.netlify.com/sites/bloom-exygy-dev/deploys/6706d9fcdc593a0009fdefe2
😎 Deploy Preview https://deploy-preview-4377--bloom-exygy-dev.netlify.app

emilyjablonski marked this pull request as ready for review October 8, 2024 20:07
emilyjablonski added the 1 review needed label Oct 8, 2024
ColinBuyck left a comment

LGTM 💵

ColinBuyck added the ready to merge label and removed the 1 review needed label Oct 9, 2024
emilyjablonski merged commit 376745c into main Oct 9, 2024
20 checks passed
emilyjablonski deleted the dependabot/min branch October 9, 2024 19:49
emilyjablonski added a commit to housingbayarea/bloom that referenced this pull request Oct 30, 2024
emilyjablonski added a commit to housingbayarea/bloom that referenced this pull request Nov 4, 2024