Upgrade lerna, et al to address security vulnerabilities, modernise build environment #2507

Merged 9 commits on Oct 6, 2023

smallsaucepan
Member

Upgrading lerna and a couple of other build related libraries. Addresses potential security vulnerabilities (from 3rd party libraries):

| severity | before | after |
|---|---|---|
| low | 1 | 1 |
| moderate | 15 | 2 |
| high | 60 | 24 |
| critical | 8 | 0 🎉 |

Also modernises the build environment, for example meaning we can take advantage of lerna caching. Our configuration may need some tweaking esp around publishing to npm, though this should be a good base to work from.

Please fill in this template.

  • Use a meaningful title for the pull request. Include the name of the package modified.
  • Have read How To Contribute.
  • Run npm test at the sub modules where changes have occurred.
  • Run npm run lint to ensure code style at the turf module level.

Submitting a new TurfJS Module.

n/a

…mmand no longer required. Seems to build and test ok. May need some tweaking. Will add build caching at a later date.
…ilities. Had to wrap body of script so as to be async, though otherwise unchanged.
…ng. Remove redundant packages setting from lerna.json (will default to packages setting in package.json instead). Have to add --npm-path to all npm-run-all calls so that lerna doesn't accidentally end up being used as the npm binary. mysticatea/npm-run-all#218 and lerna/lerna#1842 have more details.
: glob.sync(path.join(__dirname, "..", "packages", "turf-*", "package.json"));
(async () => {
// documentation v14 has moved to ESM so need to import as if async, and wrap
// in an IIFE as top level async not allowed.
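Review bot: The async IIFE opened at `(async () => {` should end with an explicit rejection handler, since its closing lines are not shown in this excerpt and a bare `})();` would leave a failed dynamic import of documentation v14 as an unhandled rejection. On Node releases before 15 that only prints a warning and the script still exits 0, so a broken docs build could pass CI unnoticed. Suggest closing with `})().catch((err) => { console.error(err); process.exit(1); });`. The comment could also say directly that the package is loaded with dynamic `import()` rather than "import as if async".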
Collaborator

Weird 🤷

@@ -0,0 +1,52 @@
{
Collaborator

I'll admit to not being fully up to speed on nx, but this looks sane to me.

@mfedderly mfedderly merged commit f6e64ff into Turfjs:master Oct 6, 2023