domjtalbot commented 1 year ago

What's Changed?

nx-mesh executors are now bundled using esbuild
- fs-extra, get-port, tslib, & type-fest are included in the bundle and therefore removed from the dependencies list.
generators are compiled using tsc.
add workflow for clearing GitHub actions cache
Set package resolutions for @nrwl/* packages used by nx-mesh
__generators workflow sets package resolutions for testing

changeset-bot[bot] commented 1 year ago

🦋 Changeset detected

Latest commit: 9c7e5533c75d790b70fee264f50fd43c6128941f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

| Name | Type | | ------- | ----- | | nx-mesh | Minor |

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

socket-security[bot] commented 1 year ago

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore core-js-pure@3.29.0
@SocketSecurity ignore nx@15.7.1
@SocketSecurity ignore nx@15.8.5
@SocketSecurity ignore styled-components@5.3.6
@SocketSecurity ignore @parcel/watcher@2.0.4
@SocketSecurity ignore @parcel/watcher@2.1.0
@SocketSecurity ignore next@13.1.1

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
core-js-pure@3.29.0 (added)	`postinstall`	`pnpm-lock.yaml` via eslint-config-next@13.1.1, eslint-plugin-jsx-a11y@6.6.1
nx@15.7.1 (upgraded)	`postinstall`	`package.json`, `pnpm-lock.yaml` via @nrwl/cypress@15.7.1, @nrwl/devkit@15.7.1, @nrwl/esbuild@15.7.1, @nrwl/eslint-plugin-nx@15.7.1, @nrwl/jest@15.7.1, @nrwl/js@15.7.1, @nrwl/linter@15.7.1, @nrwl/next@15.7.1, @nrwl/node@15.7.1, @nrwl/nx-plugin@15.7.1, @nrwl/react@15.7.1, @nrwl/workspace@15.7.1, `packages/nx-mesh/package.json` via @nrwl/cypress@15.7.1, @nrwl/devkit@15.8.5, @nrwl/js@15.7.1, @nrwl/linter@15.8.5, @nrwl/node@15.7.1, @nrwl/workspace@15.8.5
nx@15.8.5 (upgraded)	`postinstall`	`pnpm-lock.yaml`, `packages/nx-mesh/package.json` via @nrwl/workspace@15.8.5
styled-components@5.3.6 (added)	`postinstall`	`package.json`, `pnpm-lock.yaml` via babel-plugin-styled-components@1.10.7

🫣 Native code

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

Package	Location	Source
@parcel/watcher@2.0.4 (added)	binding.gyp	`pnpm-lock.yaml` via @nrwl/cypress@15.7.1, @nrwl/devkit@15.7.1, @nrwl/esbuild@15.7.1, @nrwl/eslint-plugin-nx@15.7.1, @nrwl/jest@15.7.1, @nrwl/js@15.7.1, @nrwl/linter@15.7.1, @nrwl/next@15.7.1, @nrwl/node@15.7.1, @nrwl/nx-plugin@15.7.1, @nrwl/react@15.7.1, @nrwl/workspace@15.7.1, nx@15.7.1, `packages/nx-mesh/package.json` via @nrwl/cypress@15.7.1, @nrwl/devkit@15.8.5, @nrwl/js@15.7.1, @nrwl/linter@15.8.5, @nrwl/node@15.7.1, @nrwl/workspace@15.8.5, nx@15.7.1
@parcel/watcher@2.1.0 (added)	binding.gyp	`pnpm-lock.yaml` via @graphql-codegen/cli@3.2.2

📞 Telemetry

This package contains telemetry which tracks you.

Package	Note	Source
next@13.1.1 (added)	Can be disabled by setting the environment variable NEXT_TELEMETRY_DISABLED=1	`package.json`, `pnpm-lock.yaml` via @nrwl/next@15.7.1

🧌 Protestware/Troll package

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Package	Note	Source
styled-components@5.3.6 (added)	This package prints a protestware console message regarding Ukraine for users with Russian language locale	`package.json`, `pnpm-lock.yaml` via babel-plugin-styled-components@1.10.7

Pull request alert summary

Issue	Status
Install scripts	⚠️ 4 issues
Native code	⚠️ 2 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	⚠️ 1 issue
Protestware/Troll package	⚠️ 1 issue

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	`+/-` Transitive Count	Publisher
next@13.1.1	eval, network, filesystem, shell, environment	`+7`	vercel-release-bot
@graphql-mesh/new-openapi@0.8.2	eval, network, filesystem, environment	`+46`	ardatan
@graphql-mesh/plugin-snapshot@0.1.20	eval, network, filesystem, environment	`+11`	ardatan
@graphql-mesh/cache-file@0.9.47	eval, filesystem, environment	`+17`	ardatan
@graphql-mesh/plugin-mock@0.1.18	eval, filesystem, environment	`+10`	ardatan
@swc/jest@0.2.20	filesystem, environment	`+3`	kdy1
jsdom@20.0.3	eval, network, filesystem, shell, environment	`+5`	domenic
@graphql-mesh/neo4j@0.22.19	eval, network, filesystem, environment	`+43`	ardatan
styled-components@5.3.6	eval, filesystem, environment	`+13`	probablyup
@swc-node/register@1.6.2	filesystem, environment	`+6`	broooooklyn
@swc/cli@0.1.62	network, filesystem, shell, environment	`+57`	kdy1
eslint-plugin-jsx-a11y@6.6.1	eval, filesystem, shell, environment	`+15`	ljharb
babel-plugin-styled-components@1.10.7	eval, filesystem, environment	`+14`	probablyup
@graphql-mesh/odata@0.22.18	eval, network, filesystem, environment	`+16`	ardatan
@graphql-mesh/mysql@0.19.17	eval, network, filesystem, environment	`+20`	ardatan
@graphql-mesh/soap@0.17.20	eval, filesystem, environment	`+9`	ardatan
eslint-config-prettier@8.1.0	eval, filesystem, shell, environment	`+3`	lydell
ts-jest@28.0.5	eval, network, filesystem, shell, environment	`+69`	kul
eslint-plugin-import@2.26.0	eval, network, filesystem, shell, environment	`+28`	ljharb
@testing-library/react@13.4.0	eval, filesystem, environment	`+19`	testing-library-bot
jest@28.1.1	eval, network, filesystem, shell, environment	`+66`	simenb
@graphql-mesh/json-schema@0.37.21	eval, network, filesystem, environment	`+25`	ardatan
@commitlint/cli@17.4.4	eval, network, filesystem, shell, environment	`+48`	escapedcat
@graphql-mesh/openapi@0.35.23	eval, network, filesystem, environment	`+27`	ardatan
@graphql-codegen/cli@3.2.2	eval, network, filesystem, shell, environment	`+80`	dotansimha
eslint-config-next@13.1.1	eval, network, filesystem, shell, environment	`+54`	vercel-release-bot
react-dom@18.2.0	filesystem, environment	`+1`	gnoff
eslint-plugin-cypress@2.12.1	eval, filesystem, shell, environment	`+3`	cypress-npm-publisher
@graphql-mesh/graphql@0.34.10	eval, network, filesystem, shell, environment	`+24`	ardatan
@nrwl/workspace@15.7.1	eval, network, filesystem, shell, environment	`+35`	nrwl-jason
@nrwl/workspace@15.8.5	eval, network, filesystem, shell, environment	`+119`	nrwl-jason
@nrwl/next@15.7.1	eval, network, filesystem, shell, environment	`+437`	nrwl-jason
react-test-renderer@18.2.0	filesystem, environment	`+2`	gnoff
@graphql-mesh/runtime@0.46.18	eval, network, filesystem, environment	`+13`	ardatan
@nrwl/esbuild@15.7.1	eval, network, filesystem, shell, environment	`+115`	nrwl-jason
@nrwl/js@15.7.1	eval, network, filesystem, shell, environment	`+228`	nrwl-jason
eslint-plugin-react@7.31.11	eval, filesystem, shell, environment	`+15`	ljharb
@graphql-codegen/client-preset@2.1.1	eval, network, filesystem, shell, environment	`+17`	dotansimha
@nrwl/nx-plugin@15.7.1	eval, network, filesystem, shell, environment	`+174`	nrwl-jason
@nrwl/devkit@15.7.1	eval, network, filesystem, shell, environment	`+29`	nrwl-jason
@nrwl/cypress@15.7.1	eval, network, filesystem, shell, environment	`+104`	nrwl-jason
@nrwl/jest@15.7.1	eval, network, filesystem, shell, environment	`+95`	nrwl-jason
@nrwl/react@15.7.1	eval, network, filesystem, shell, environment	`+36`	nrwl-jason
@nrwl/eslint-plugin-nx@15.7.1	eval, network, filesystem, shell, environment	`+47`	nrwl-jason
eslint-plugin-react-hooks@4.6.0	eval, filesystem, shell, environment	`+3`	gnoff
@nrwl/node@15.7.1	eval, network, filesystem, shell, environment	`+784`	nrwl-jason
@nrwl/linter@15.8.5	eval, network, filesystem, shell, environment	`+115`	nrwl-jason
@nrwl/linter@15.7.1	eval, network, filesystem, shell, environment	`+33`	nrwl-jason
@typescript-eslint/parser@5.56.0	eval, filesystem, shell, environment	`+5`	jameshenry
@typescript-eslint/eslint-plugin@5.56.0	eval, filesystem, shell, environment	`+15`	jameshenry

⬆️ Updated Package	Version Diff	Capability Access	`+/-` Transitive Count	Publisher
nx@15.7.1	9999.0.1...15.7.1	eval, network, filesystem, shell, environment	`+56/-60`	nrwl-jason
@graphql-mesh/cli@0.82.27	0.82.30...0.82.27	eval, network, filesystem, shell, environment	`+90/-25`	ardatan

🚮 Removed packages: type-fest@2.18.0

nx-cloud[bot] commented 1 year ago

☁️ Nx Cloud Report

CI is running/has finished running commands for commit 9c7e5533c75d790b70fee264f50fd43c6128941f. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this branch

✅ Successfully ran 21 targets

- [`node_v18.15.0__pnpm_8.1.0 nx run nx-mesh:lint --configuration=codeql`](https://cloud.nx.app/runs/XL33ThA1eB) - [`node_v18.15.0__pnpm_8.1.0 nx run-many --target=test --parallel=3 --all --configuration=reports`](https://cloud.nx.app/runs/rCA7MyCunp) - [`node_v18.15.0__pnpm_8.1.0 nx run-many --target=lint --parallel=4 --all --configuration=reports`](https://cloud.nx.app/runs/B915tGFRhL) - [`node_v18.15.0__pnpm_8.1.0 nx affected --target=build --parallel=2 --configuration=production`](https://cloud.nx.app/runs/CHHB55qR4w) - [`node_v18.15.0__pnpm_8.1.0 nx affected --target=test --parallel=3 --configuration=reports`](https://cloud.nx.app/runs/vrlAe4hPBD) - [`node_v18.15.0__pnpm_8.1.0 nx affected --target=test --parallel=3`](https://cloud.nx.app/runs/I5Psq60Tb9) - [`node_v19.8.1__pnpm_8.1.0 nx affected --target=test --parallel=3 --configuration=reports`](https://cloud.nx.app/runs/cc4NqMhxEe) - [`node_v19.8.1__pnpm_8.1.0 nx affected --target=test --parallel=3`](https://cloud.nx.app/runs/Do5KMuLlSj) - [`node_v19.8.1__pnpm_8.1.0 nx affected --target=e2e-serve-dev --parallel=1`](https://cloud.nx.app/runs/ICfo22GixQ) - [`node_v19.8.1__pnpm_8.1.0 nx affected --target=e2e-start --parallel=1`](https://cloud.nx.app/runs/nbEfyOko6d) - [`node_v19.8.1__pnpm_8.1.0 nx affected --target=e2e-serve --parallel=1`](https://cloud.nx.app/runs/MRfuPJtJM3) - [`node_v19.8.1__pnpm_8.1.0 nx affected --target=e2e --parallel=1`](https://cloud.nx.app/runs/6yrbcgbfdZ) - [`node_v18.15.0__pnpm_8.1.0 nx affected --target=e2e --parallel=1`](https://cloud.nx.app/runs/4tg0GCM4Dj) - [`node_v18.15.0__pnpm_8.1.0 nx affected --target=e2e-start --parallel=1`](https://cloud.nx.app/runs/0LFB49SEZW) - [`node_v18.15.0__pnpm_8.1.0 nx affected --target=e2e-serve-dev --parallel=1`](https://cloud.nx.app/runs/sfYfjBmHvB) - [`node_v18.15.0__pnpm_8.1.0 nx affected --target=e2e-serve --parallel=1`](https://cloud.nx.app/runs/n8h83rfBIj) - [`node_v18.15.0__pnpm_8.1.0 nx affected --target=build --parallel=2`](https://cloud.nx.app/runs/JFv7AVmsJW) - [`node_v19.8.1__pnpm_8.1.0 nx affected --target=build --parallel=2 --configuration=production`](https://cloud.nx.app/runs/8UqsyZ6T4p) - [`node_v19.8.1__pnpm_8.1.0 nx affected --target=build --parallel=2`](https://cloud.nx.app/runs/itIr4YyIwm) - [`node_v18.15.0__pnpm_8.1.0 nx affected --target=lint --parallel=4`](https://cloud.nx.app/runs/BpSMPM3jz3) - [`nx-cloud record -- npx nx format:check`](https://cloud.nx.app/runs/vonxZFG7F3)

Sent with 💌 from NxCloud.

github-actions[bot] commented 1 year ago

🚀 Snapshot Release (`alpha`)

The latest changes of this PR are available as `alpha` on npm (based on the declared `changesets`):	Package	Version	Info
`nx-mesh`	`4.0.0-alpha-20230401162654`	npm ↗︎ unpkg ↗︎

github-advanced-security[bot] commented 1 year ago

You have successfully added a new CodeQL configuration .github/workflows/pull-request.yml:codeql. As part of the setup process, we have scanned this repository and found 1 existing alert. Please check the repository Security tab to see all alerts.

github-actions[bot] commented 1 year ago

This pull request has been deployed to Vercel.

Latest commit:	`0590d48`
✅ Preview:	https://nx-mesh-73ylndpfy-domjtalbot.vercel.app
🔍 Inspect:	https://vercel.com/domjtalbot/nx-mesh/6LnNZfYViRrMc3Hh2fPrTUrjGvpf