Closed nvenegas closed 3 years ago
5.0.0 of z-schema
is the next release after 4.2.3 (see https://www.npmjs.com/package/z-schema?activeTab=versions) but I'm unsure what parts of the API changed. I'll ask in the other PR
@JamesMessinger Can you please help me figure out what else I'd need to do to get this (future) version bump released? e.g., getting master
green again, release process, etc.
@nicolasv - As long as all tests pass (run npm run clean && npm run build && npm test
) you should be good to submit your PR. That'll kick-off our CI workflow, which will make sure the tests pass on all OSes and all supported versions of Node. Assuming that passes, we can merge the PR and publish the new version.
5.0.0 of
z-schema
is the next release after 4.2.3 (see https://www.npmjs.com/package/z-schema?activeTab=versions) but I'm unsure what parts of the API changed. I'll ask in the other PR
From the other PR
dropped node 6 and a change in default behaviour of
breakOnFirstError
v4.2.3...v5.0.0
As long as all tests pass… you should be good to submit your PR.
@JamesMessinger After upgrading to 5.0.1 of z-schema
, I still get the single failure in the 26) akeneo.comakeneo.comakeneo.com
test case that I also get on master
That'll kick-off our CI workflow, which will make sure the tests pass on all OSes and all supported versions of Node. Assuming that passes, we can merge the PR and publish the new version.
I noticed that npm run build
modifies the online/js/bundle.*
files — should I also commit those files to this PR or does CI handle that?
As long as all tests pass… you should be good to submit your PR.
@JamesMessinger After upgrading to 5.0.1 of
z-schema
, I still get the single failure in the26) akeneo.comakeneo.comakeneo.com
test case that I also get onmaster
This is what #165 fixes ;-)
That'll kick-off our CI workflow, which will make sure the tests pass on all OSes and all supported versions of Node. Assuming that passes, we can merge the PR and publish the new version.
I noticed that
npm run build
modifies theonline/js/bundle.*
files — should I also commit those files to this PR or does CI handle that?
@nicolasv Are you planning on committing this soon? Our company was hoping for the exact change you're making as it will fix a vulnerability found with the z-schema@4.2.3.
@JamesMessinger Could you please review this?
@nicolasv Are you planning on committing this soon? Our company was hoping for the exact change you're making as it will fix a vulnerability found with the z-schema@4.2.3.
I've been waiting on some more review plus potentially #165 being merged 🤞
@JamesMessinger can you take a look at https://github.com/APIDevTools/swagger-parser/pull/165 to see if that can get committed? This PR https://github.com/APIDevTools/swagger-parser/pull/166 is dependent on that as well as a review.
@JamesMessinger can you please take a look at both #165 and this PR #166 and merge them if they are fine.. this helps fix a vulnerability.
Merged #170 first.
@philsturgeon Any chance you could release a new version?
Is there an update on when a version containing this fix will be released? Like others, we are also tracking it as it fixes a vulnerability. @philsturgeon @JamesMessinger
When #173 is unblocked through #178 or #175 or whichever PR makes the build pass we can release. Cannot release without tests passing.
WIP because the earliest version of
z-schema
that would have the required bump tovalidator
is 5.0.1. See https://github.com/zaggino/z-schema/pull/265Creating this early just to see if any tests fail with the 5.x line of
z-schema
. Note, however, that onmaster
there is one failing test (see CI CD #28)I get the same single failure in this branch