Update dependencies and security improvements#589
Open
jakebellacera wants to merge 3 commits intomainfrom
Open
Update dependencies and security improvements#589jakebellacera wants to merge 3 commits intomainfrom
jakebellacera wants to merge 3 commits intomainfrom
Conversation
✅ Deploy Preview for deltaio-site ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
jakebellacera
force-pushed
the
upgrade-deps
branch
from
cc8ffe5 to
e729c16
Compare
- Upgrade all dependencies, including major version bumps for astro and eslint. - Pin all dependency versions to exact versions in package.json (removed ^ ranges) and configure pnpm to use exact versions by default via savePrefix in pnpm-workspace.yaml. Pin GitHub Actions dependencies to commit SHAs for supply chain security. - Remove eslint-plugin-import, which is not compatible with ESLint 10. - Add lint:fix and format:fix npm scripts; change format script to run prettier with --check instead of --write to avoid unintentionally writing in ci contexts. - Only use the @astrojs/netlify adapter in Netlify environments so that local production builds can be previewed without it. - Update _headers to use Netlify's path-matching syntax. - Update README.md with improved setup instructions and documentation around dependency upgrade process. Remove orphaned workflows/pull-request.yml from a previous migration. Signed-off-by: Jake Bellacera <hi@jakebellacera.com>
- Move the inline platform-detection script into the SearchContainer custom element's connectedCallback so it runs in the correct lifecycle. - Add a guard around customElements.define to work around a bug in @astrojs/netlify that causes the component to be imported twice (this will be fixed in astro@6.1.3 - see withastro/astro#16173) Signed-off-by: Jake Bellacera <hi@jakebellacera.com>
- Import z from astro/zod instead of astro:content - Replace deprecated z.string().url() with z.url() per Astro 6 migration guide. Signed-off-by: Jake Bellacera <hi@jakebellacera.com>
jakebellacera
force-pushed
the
upgrade-deps
branch
from
e729c16 to
a00f956
Compare
jakebellacera
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed?
This PR includes a number of upgrades and enhancements to how we handle dependencies:
zodbeing upgraded to v4.pnpm lintwas writing changes. In CI contexts we should not rewrite changes, as that can introduce false-positives. CI should fail if lint and format checks fail.Other packages were updated to their latest versions - no issues to report as well.