chore: update zod to 3.22.4 #563

Merged
merged 4 commits into from Oct 19, 2023

adithyaakrishna
Member

Description:

  • This PR updates zod to 3.22.4, as the previous versions had a ReDoS vulnerability

More Info: colinhacks/zod#2824 and colinhacks/zod#2609

@vercel

vercel bot commented Oct 14, 2023

@adithyaakrishna is attempting to deploy a commit to the Documenso Team Team on Vercel.

A member of the Team first needs to authorize it.

Contributor

@catalinpit catalinpit left a comment

Thanks!

Collaborator

@dguyen dguyen left a comment

Could you also upgrade them across the other packages? I think since a recent commit there were a few other packages that have zod now.

@adithyaakrishna
Member Author

@dguyen Yes sure, will send a commit for that too :)

@adithyaakrishna
Member Author

@dguyen Done, I updated next-auth as well. Also, I was wondering if I could just update all the packages instead of only Zod?

@dguyen
Collaborator

dguyen commented Oct 19, 2023

What was the reason for upgrading next-auth? We prefer to try to stay away from unnecessary updates since they generally break things and require testing.

In this case I think upgrading Zod only is fine since there's a vulnerability.

@adithyaakrishna
Member Author

@dguyen Makes sense, I have reverted the change to next-auth with the above commit :)

Signed-off-by: Adithya Krishna <aadithya794@gmail.com>
Signed-off-by: Adithya Krishna <aadithya794@gmail.com>
Signed-off-by: Adithya Krishna <aadithya794@gmail.com>
@dguyen
Collaborator

dguyen commented Oct 19, 2023

Something in the package lock file is breaking the build.

When I delete it and re-run everything it works.

Could you undo everything, and do the Zod upgrade incrementally so the package lock file is correctly updated?

Signed-off-by: Adithya Krishna <aadithya794@gmail.com>
@adithyaakrishna
Member Author

@dguyen Fixed it :)

@dguyen dguyen merged commit 616cf1c into documenso:feat/refresh Oct 19, 2023
6 of 8 checks passed
@dguyen
Collaborator

dguyen commented Oct 19, 2023

Cheers 👍

/tip 25

@algora-pbc

algora-pbc bot commented Oct 19, 2023

🎉🎈 @adithyaakrishna has been awarded $25! 🎈🎊

Mythie pushed a commit that referenced this pull request Nov 6, 2023
* chore: updated zod 

Signed-off-by: Adithya Krishna <aadithya794@gmail.com>

---------

Signed-off-by: Adithya Krishna <aadithya794@gmail.com>