Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: upgrades to xlsx@0.20.3 via CDN #46

Merged
merged 1 commit into from
Oct 23, 2024
Merged

feat: upgrades to xlsx@0.20.3 via CDN #46

merged 1 commit into from
Oct 23, 2024

Conversation

matthewhartstonge
Copy link
Member

@matthewhartstonge matthewhartstonge commented Oct 23, 2024
edited
Loading

This was referenced Oct 23, 2024
Merged
Merged
Merged
Merged
Merged
Merged
@matthewhartstonge Graphite App
Copy link
Member Author

matthewhartstonge commented Oct 23, 2024
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @matthewhartstonge and the rest of your teammates on Graphite Graphite

This was referenced Oct 23, 2024
Merged
Merged
@matthewhartstonge matthewhartstonge added the dependencies Pull requests that update a dependency file label Oct 23, 2024 — with Graphite App
@matthewhartstonge matthewhartstonge marked this pull request as ready for review October 23, 2024 00:42
@matthewhartstonge
Copy link
Member Author

@hero-david @pauln what are your thoughts on migrating to a git based dep...? 🤢

I'm not really a fan of pulling in a git repo, but it is pinned in the lock file to a specific commit hash. Sheetjs have yeeted themselves into their own world (gitea self hosted git) and removed themselves from pushing the dep up to npm :/

Refer: https://github.com/SheetJS/sheetjs/tree/github?tab=readme-ov-file#thank-you-clippy

Tl;DR: Removes a couple of CVEs.

@matthewhartstonge
Copy link
Member Author

matthewhartstonge commented Oct 23, 2024
edited
Loading

The other options are:

They are supporting versions of node back to 0.8 and Angular v1.X clients, which is why they had to move away from npmjs.

@matthewhartstonge matthewhartstonge force-pushed the feature/migrate-to-sheetjs-git branch from 7b63ce7 to 10d6a92 Compare October 23, 2024 01:44
@matthewhartstonge matthewhartstonge mentioned this pull request Oct 23, 2024
Merged
@matthewhartstonge matthewhartstonge changed the title feat(deps): migrates to sheetjs self hosted git repo since they have ditched github and npm. feat: upgrades to xlsx@0.20.3 via CDN Oct 23, 2024
@matthewhartstonge matthewhartstonge force-pushed the feature/migrate-to-sheetjs-git branch from 10d6a92 to 5e843bd Compare October 23, 2024 02:10
@matthewhartstonge matthewhartstonge changed the base branch from feature/ember-5-12 to main October 23, 2024 02:10
@matthewhartstonge matthewhartstonge merged commit 55698e9 into main Oct 23, 2024
1 check passed
@matthewhartstonge matthewhartstonge deleted the feature/migrate-to-sheetjs-git branch October 23, 2024 02:15
@github-actions github-actions bot mentioned this pull request Oct 23, 2024
Merged
matthewhartstonge
matthewhartstonge commented Oct 23, 2024
View reviewed changes
Copy link
Member Author

@matthewhartstonge matthewhartstonge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Decision over chats was to move forward with using the CDN 👍

@hero-david
Copy link

Decision over chats was to move forward with using the CDN 👍

I didn't realise that git was an option 👀 Feels nicer than a tgz

@matthewhartstonge
Copy link
Member Author

matthewhartstonge commented Oct 23, 2024
edited
Loading

yarp - give 7b63ce7 a cheeky peep 👀

Can change back to git on a v0.16 or as part of the move to a v2 ember addon 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hero-david hero-david Awaiting requested review from hero-david

@pauln pauln Awaiting requested review from pauln

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file hacktoberfest-accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matthewhartstonge @hero-david