Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update micromatch to remove vulnerability #4508

Merged
merged 6 commits into from
Aug 26, 2024
Merged

Update micromatch to remove vulnerability #4508

merged 6 commits into from
Aug 26, 2024

Conversation

TomasSlama
Copy link
Contributor

@TomasSlama TomasSlama commented Aug 26, 2024
edited by toptal-devbot
Loading

[FX-NNNN]

Description

Removing https://github.com/toptal/picasso/security/dependabot/165

How to test

Screenshots

Before. After.
Insert screenshots or screen recordings Insert screenshots or screen recordings

Development checks

  • Add changeset according to guidelines (if needed)
  • Double check if picasso-tailwind-merge requires major update (check its README.md)
  • Read CONTRIBUTING.md and Component API principles
  • Make sure that additions and changes on the design follow Toptal's BASE design, and it's been aleady discussed with designers at #-base-core
  • Annotate all props in component with documentation
  • Create examples for component
  • Ensure that deployed demo has expected results and good examples
  • Ensure the changed/created components have not caused accessibility issues. How to use accessibility plugin in storybook.
  • Self reviewed
  • Covered with tests (visual tests included)

Breaking change

  • codemod is created and showcased in the changeset
  • test alpha package of Picasso in StaffPortal

All development checks should be done and set checked to pass the
GitHub Bot: TODOLess action

PR commands

List of available commands:

  • @toptal-bot run package:alpha-release - Release alpha version
  • @toptal-anvil ping reviewers - Ping FX team for review
PR Review Guidelines

When to approve? ✅

You are OK with merging this PR and

  1. You have no extra requests.
  2. You have optional requests.
    1. Add nit: to your comment. (ex. nit: I'd rename this variable from makeCircle to getCircle)

When to request changes? ❌

You are not OK with merging this PR because

  1. Something is broken after the changes.
  2. Acceptance criteria is not reached.
  3. Code is dirty.

When to comment (neither ✅ nor ❌)

You want your comments to be addressed before merging this PR in cases like:

  1. There are leftovers like unnecessary logs, comments, etc.
  2. You have an opinionated comment regarding the code that requires a discussion.
  3. You have questions.

How to handle the comments?

  1. An owner of a comment is the only one who can resolve it.
  2. An owner of a comment must resolve it when it's addressed.
  3. A PR owner must reply with ✅ when a comment is addressed.

@TomasSlama TomasSlama added dependencies Pull requests that update a dependency file security Pull requests that address a security vulnerability labels Aug 26, 2024
@TomasSlama TomasSlama self-assigned this Aug 26, 2024
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 26, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: cdc678e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@TomasSlama TomasSlama marked this pull request as ready for review August 26, 2024 09:50
@TomasSlama TomasSlama requested a review from a team August 26, 2024 09:50
sashuk
sashuk reviewed Aug 26, 2024
View reviewed changes
Copy link
Contributor

@sashuk sashuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review comment (testing)

@TomasSlama TomasSlama merged commit fed065c into master Aug 26, 2024
18 checks passed
@TomasSlama TomasSlama deleted the fx-null-fix-micromatch branch August 26, 2024 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sashuk sashuk sashuk left review comments

Assignees

@TomasSlama TomasSlama

Labels
dependencies Pull requests that update a dependency file no-jira security Pull requests that address a security vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TomasSlama @sashuk