Fix cpy vulnerabilities #18471
Fix cpy vulnerabilities #18471
Conversation
☁️ Nx Cloud ReportCI is running/has finished running commands for commit 845a3e3. As they complete they will appear below. Click to see the status, the terminal output, and the build insights. 📂 See all runs for this branch ✅ Successfully ran 1 targetSent with 💌 from NxCloud. |
There was a problem hiding this comment.
@kevcube thanks for the PR! Unfortunately it's breaking the build since it's pure ESM but being imported in a CJS file.
I think you can get around this via an asynchronous import, something like:
const copy = await import('cpy');
await cpy(defaultFavIcon, options.outputDir);Can you please give that a try in all the places cpy is used in the code (I believe they are all async context). Thanks!
|
@shilman fixed the tests! The import statement was correct, which was confusing me. It ended up being something with promise resolution. |
|
@shilman I was wrong about fixing the tests, I just got past the one error that was blocking me. When using async import, typescript gives me this error: |
|
@kevcube you can't import it at the top of the file, you should import it inside the async function where it's used. can you give that a try? pretty sure it will work. |
|
@shilman its not working, I've gotten the dynamic import working inside the file, but the tests still aren't passing and I'm not sure why - I've tried a lot of changes with the tsconfig trying to get it to compile to an import rather than a require.. but no dice |
|
@kevcube OK i'll give it a try and will report back. Thanks!!! |
|
@shilman yeah, the error in the build is the same error I was getting locally. I tried a lot of things to fix but couldn't figure it out. Any ideas? |
Issue: cpy 8 has npm audit vulnerabilities
What I did
upgrade to cpy 9.0.1
use
flatten: truein places where one file is being copiedremove
parents: truebecause that's the new default behaviorHow to test
If your answer is yes to any of these, please make sure to include it in your PR.