FormidableLabs / groqd

A schema-unaware, runtime and type-safe query builder for GROQ.
https://commerce.nearform.com/open-source/groqd
MIT License
230 stars 16 forks

upgrade sanity version #277

Closed Burnett2k closed 6 months ago

Burnett2k commented 6 months ago

Description

This change moves to a newer version of sanity which doesn't reference a vite vulnerability. A separate PR will be created to update vitest which also references a vulnerable vite version.

helps close #274

The latest is 3.33.0, but I figured to reduce risk I'd do the minimum bumping needed to get past the vite issue. More than happy to upgrade to latest though. One benefit of 3.29.0 and up is that they're signed and have provenance turned on.

More info on vite vulnerability

Essentially, we just need to be on > 4.5.2 or later

Output of `pnpm why vite -r` after the upgrade (vitest has been omitted since it's a dev dependency and will be handled in another pull request.)

```
❯ pn why vite -r
Legend: production dependency, optional only, dev only

playground-example@0.0.1 /Users/sawyerburnett/git-repos/formidable/groqd/examples/playground-example

dependencies:
groqd-playground link:../../packages/groqd-playground
└─┬ sanity 3.15.0
  ├─┬ @vitejs/plugin-react 4.2.1
  │ └── vite 4.5.2 peer
  └── vite 4.5.2
sanity 3.15.0
├─┬ @vitejs/plugin-react 4.2.1
│ └── vite 4.5.2 peer
└── vite 4.5.2

groqd-playground@0.0.18 /Users/sawyerburnett/git-repos/formidable/groqd/packages/groqd-playground

dependencies:
sanity 3.15.0
├─┬ @vitejs/plugin-react 4.2.1
│ └── vite 4.5.2 peer
└── vite 4.5.2
```

How Has This Been Tested?

Unit tests have been run and passed. Sanity changelog was reviewed for breaking changes.


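The manual check in the description above (reading `pnpm why vite -r` and confirming every resolved vite is new enough) can be automated. The following is an added example, not code from this PR or the groqd repository; it assumes the text tree layout shown above, a single minimum version, and that 4.5.2 itself is acceptable. The function names and the `legacy-example` workspace are hypothetical.

```javascript
// Added example, not code from the groqd repository.
// Parses the text tree printed by `pnpm why <pkg> -r` and reports every
// resolved version of <pkg>, marking those below a required floor.

// Compare two plain x.y.z versions: negative, zero or positive.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function auditWhyOutput(text, pkg, floor) {
  const findings = [];
  let workspace = null;
  for (const line of text.split(/\r?\n/)) {
    // Workspace header, e.g. "groqd-playground@0.0.18 /path/to/package"
    const header = line.match(/^(\S+)@(\d\S*) \//);
    if (header) { workspace = header[1]; continue; }
    // Tree node: box-drawing prefix, then "name version" and optional "peer"
    const node = line.match(/^[\s│├└─┬]*(\S+) (\S+)( peer)?$/);
    if (!node || node[1] !== pkg) continue;
    const version = node[2];
    // Anything that is not a plain x.y.z (pre-release, link:, tag) fails closed.
    const plain = /^\d+\.\d+\.\d+$/.test(version);
    const ok = plain && compareVersions(version, floor) >= 0;
    findings.push({ workspace, version, peer: Boolean(node[3]), ok });
  }
  return findings;
}

// Constructed sample: the first workspace mirrors the shape of the output
// above; "legacy-example" and its vite 4.4.9 are made up to show a failure.
const SAMPLE = [
  "groqd-playground@0.0.18 /repo/packages/groqd-playground",
  "dependencies:",
  "sanity 3.15.0",
  "├─┬ @vitejs/plugin-react 4.2.1",
  "│ └── vite 4.5.2 peer",
  "└── vite 4.5.2",
  "",
  "legacy-example@0.0.1 /repo/examples/legacy-example",
  "dependencies:",
  "└── vite 4.4.9",
].join("\n");

const FLOOR = "4.5.2"; // assumption: 4.5.2 itself is acceptable
const failing = auditWhyOutput(SAMPLE, "vite", FLOOR).filter((f) => !f.ok);
console.log(failing); // a CI job would fail the build when this is non-empty
```
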
changeset-bot[bot] commented 6 months ago

🦋 Changeset detected

Latest commit: ac23945b29b7ecb713042b4d353d42af1d1b8c31

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

| Name               | Type  |
| ------------------ | ----- |
| playground-example | Patch |
| groqd-playground   | Patch |

vercel[bot] commented 6 months ago

The latest updates on your projects.

1 Ignored Deployment

| Name | Status | Preview | Comments | Updated (UTC) |
| :--- | :----- | :------ | :------- | :------ |
| **groqd** | ⬜️ Ignored ([Inspect](https://vercel.com/formidable-labs/groqd/je39wZQSRQyMgh8pMtvvTPHEEnaw)) | [Visit Preview](https://groqd-git-issue-274-formidable-labs.vercel.app) | | Mar 18, 2024 6:22pm |

scottrippey commented 6 months ago

Nothing tricky about this one, thanks for updating!