Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address svelte vulnerability #6603

Merged
merged 1 commit into from
Sep 6, 2024
Merged

Address svelte vulnerability #6603

merged 1 commit into from
Sep 6, 2024

Conversation

potatowagon
Copy link
Contributor

@potatowagon potatowagon commented Sep 6, 2024
edited
Loading

Description

GitHub has identified a security vulnerability defined in svelte package < 4.2.19

https://github.com/sveltejs/svelte/security/advisories/GHSA-8266-84wp-wv5c?fbclid=IwZXh0bgNhZW0CMTEAAR0SbKxlitu6Jx6gHzu6LXpO8ISnbPg8rA9QkETVKR7sitC5OYfMdIRDbKw_aem_L69Gc8C41CMosfKKxjjWQw

upgrade the svelte package to fix it

Test plan

see automated tests

@vercel Vercel
Copy link

vercel bot commented Sep 6, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
lexical ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 6, 2024 6:16am
lexical-playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 6, 2024 6:16am

@facebook-github-bot facebook-github-bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Sep 6, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2024

size-limit report 📦

Path Size
lexical - cjs 29.66 KB (0%)
lexical - esm 29.48 KB (0%)
@lexical/rich-text - cjs 38.07 KB (0%)
@lexical/rich-text - esm 31.32 KB (0%)
@lexical/plain-text - cjs 36.65 KB (0%)
@lexical/plain-text - esm 28.66 KB (0%)
@lexical/react - cjs 39.83 KB (0%)
@lexical/react - esm 32.75 KB (0%)

freddymeta
freddymeta approved these changes Sep 6, 2024
View reviewed changes
Copy link

@freddymeta freddymeta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@potatowagon potatowagon added this pull request to the merge queue Sep 6, 2024
Merged via the queue into main with commit fe4fcfe Sep 6, 2024
40 of 41 checks passed
@potatowagon potatowagon deleted the svelte-upgrade branch September 11, 2024 07:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@freddymeta freddymeta freddymeta approved these changes

@zurfyx zurfyx Awaiting requested review from zurfyx zurfyx is a code owner

@fantactuka fantactuka Awaiting requested review from fantactuka fantactuka is a code owner

@acywatson acywatson Awaiting requested review from acywatson acywatson is a code owner

@Fetz Fetz Awaiting requested review from Fetz Fetz is a code owner

@ivailop7 ivailop7 Awaiting requested review from ivailop7 ivailop7 is a code owner

@Sahejkm Sahejkm Awaiting requested review from Sahejkm Sahejkm is a code owner

Assignees
No one assigned
Labels
CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@potatowagon @freddymeta @facebook-github-bot