Fix security vulnerability and cleanup deps#11
Fix security vulnerability and cleanup deps#11natemoo-re merged 5 commits intobombshell-dev:mainfrom
Conversation
During install, npm warned against the following venerability GHSA-67mh-4wv8-2f99 . This commit bumps the effected esbuild version and vitest, which depends on it.
This commit updates prettier, so it now respects and therefore ignores files in the folder dist. Furthermore, arg, npm-run-all and globby are not used and only pull in unused code and therefore cause a wider attack surface on developer machines
The spacing in scripts/bench.js was off, leading to an unconsitent visual output when running the benchmark. Furthermore, the benchmark was still named ultraflags. Prettier was used to format the rest of the code
|
janvhs
changed the title
|
Typescript could probably be updated at some point as well, but I don't know the bombshell policy on that |
|
Do i need to do this changeset things? |
|
@janvhs nah that's okay, it's only needed for changes to the user-facing API! I really appreciate you jumping in with a PR 🙏 I'm actually working on some shared infra for the whole org and was hoping to use this repo to dogfood our formatting. Would you mind pulling the |
|
Sure I‘ll do that! |
This reverts commit 4f460e5.
The spacing in scripts/bench.js was off, leading to an unconsitent visual output when running the benchmark. Furthermore, the benchmark was still named ultraflags.
|
@natemoo-re Sorry for the delay. Here are the changes as promised! |
natemoo-re
left a comment
natemoo-re
left a comment
There was a problem hiding this comment.
Awesome, thank you so much for the PR!
2 participants
During install, npm warned against the following vulnerability
GHSA-67mh-4wv8-2f99 . This commit bumps
the effected esbuild version and vitest, which depends on it.
In addition, I cleaned up the dependency tree, added a fmt
step and made 2 visual corrections to the bench.js script