
@barrenechea
Contributor

Hey! Some basic housekeeping before addressing a couple reported issues (linked to the same action, the power toggle button). This updates all dependencies, addressing in the process these two:

cross-spawn  7.0.0 - 7.0.4
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
node_modules/cross-spawn

nanoid  <3.3.8
Severity: moderate
Predictable results in nanoid generation when given non-integer values - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
node_modules/nanoid

Also updates it to React 19, allowing us to leverage the React Compiler for a simpler codebase at some point (allows us to forget the usage of useCallback and useMemo). I'll push another PR with a proposal to enable it.

ESLint from v8 to v9 had some major changes in the way it is set up; that's why the major change over there.

@svenrademakers
Collaborator

Thanks again! I don't think we are able to slip any fixes into 2.1.0 at this point. Once 2.2.0-unstable is labeled on BMC-Firmware main we can start merging new stuff again!

@svenrademakers svenrademakers merged commit 251c9bb into turing-machines:main Jan 2, 2025
3 checks passed
@barrenechea
Contributor Author

> Thanks again! I don't think we are able to slip any fixes into 2.1.0 at this point. Once 2.2.0-unstable is labeled on BMC-Firmware main we can start merging new stuff again!

No worries! Thanks for the heads up 😄

@barrenechea barrenechea deleted the update-deps branch August 16, 2025 20:38