Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(clerk-js): Update zxcvbn dependency #2326

Merged
merged 2 commits into from
Dec 12, 2023
Merged

chore(clerk-js): Update zxcvbn dependency #2326

merged 2 commits into from
Dec 12, 2023

Conversation

LekoArts
Copy link
Member

@LekoArts LekoArts commented Dec 12, 2023
edited
Loading

Description

We received a complaint that our version has a security issue, so here goes the update.

  • Update @zxcvbn-ts/core from 2.2.1 to 3.0.4. Update @zxcvbn-ts/language-common from 3.0.2 to 3.0.4.
  • Adjust ZxcvbnResult interface to use current feedback.warning type as used in the upstream @zxcvbn-ts/core library.

Relevant changelogs:

We were already using the right imports / used the latest major of the language package, so that's why the changes are so small.

Only needed to adjust our internal types to: https://github.com/zxcvbn-ts/zxcvbn/blob/2c5882d1cbfbe624adbb5a31919000c98eea98c1/packages/libraries/main/src/types.ts#L152-L155

Checklist

  • npm test runs as expected.
  • npm run build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Packages affected

  • @clerk/backend
  • @clerk/chrome-extension
  • @clerk/clerk-js
  • @clerk/clerk-expo
  • @clerk/fastify
  • gatsby-plugin-clerk
  • @clerk/localizations
  • @clerk/nextjs
  • @clerk/clerk-react
  • @clerk/remix
  • @clerk/clerk-sdk-node
  • @clerk/shared
  • @clerk/themes
  • @clerk/types
  • build/tooling/chore

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Dec 12, 2023

🦋 Changeset detected

Latest commit: 020bdf0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages
Name Type
@clerk/clerk-js Patch
@clerk/types Patch
@clerk/chrome-extension Patch
@clerk/clerk-expo Patch
@clerk/backend Patch
@clerk/fastify Patch
gatsby-plugin-clerk Patch
@clerk/nextjs Patch
@clerk/clerk-react Patch
@clerk/remix Patch
@clerk/clerk-sdk-node Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@LekoArts LekoArts marked this pull request as ready for review December 12, 2023 14:40
@dimkl
Copy link
Contributor

dimkl commented Dec 12, 2023

@LekoArts Would we backport this change?

@LekoArts LekoArts added this pull request to the merge queue Dec 12, 2023
Merged via the queue into main with commit 69ce3e1 Dec 12, 2023
9 checks passed
@LekoArts LekoArts deleted the lekoarts/sdk-883-update-version-of-zxcvbn branch December 12, 2023 15:11
@clerk-cookie clerk-cookie mentioned this pull request Dec 12, 2023
Merged
LekoArts added a commit that referenced this pull request Dec 13, 2023
@LekoArts
chore(clerk-js): Update zxcvbn dependency (#2326)
4beb1ea 
* chore(clerk-js): Update zxcvbn dependency

* chore(repo): Add changesets

(cherry picked from commit 69ce3e1)
@clerk-cookie clerk-cookie mentioned this pull request Dec 13, 2023
Merged
github-merge-queue bot pushed a commit that referenced this pull request Dec 13, 2023
@clerk-cookie @LekoArts
chore(clerk-js): Update zxcvbn dependency (#2326) (#2332)
b4868ab 
* chore(clerk-js): Update zxcvbn dependency

* chore(repo): Add changesets

(cherry picked from commit 69ce3e1)

Co-authored-by: Lennart <lekoarts@gmail.com>
octoper pushed a commit that referenced this pull request Dec 13, 2023
@LekoArts @octoper
chore(clerk-js): Update zxcvbn dependency (#2326)
c7aeb0b 
* chore(clerk-js): Update zxcvbn dependency

* chore(repo): Add changesets
@LekoArts LekoArts mentioned this pull request Mar 13, 2024
Merged
@LekoArts LekoArts mentioned this pull request Aug 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dimkl dimkl dimkl approved these changes

Assignees
No one assigned
Labels
clerk-js types
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LekoArts @dimkl @clerk-cookie