
fix: update semver #343

Merged
merged 2 commits into from
Nov 14, 2023


joneugster
Contributor

Updating semver, as the version currently used is reported as vulnerable.

Contributor Author

joneugster commented Oct 27, 2023

NOTE: I don't know how to test this, but the CI succeeds on my fork.

The deprecated version causes lean4web to report medium-severity vulnerability issues; see the CI output.

Collaborator

mhuisi commented Oct 30, 2023

The package-lock for this PR needs to be generated differently. You can apply the following patch to fix it.

From 953d8db9253fd069e1707266ca1f59a54443c52a Mon Sep 17 00:00:00 2001
From: mhuisi <[email protected]>
Date: Mon, 30 Oct 2023 16:52:00 +0100
Subject: [PATCH] use correct package-lock

---
 vscode-lean4/package-lock.json | 60 +++-------------------------------
 vscode-lean4/package.json      |  2 +-
 2 files changed, 5 insertions(+), 57 deletions(-)

diff --git a/vscode-lean4/package-lock.json b/vscode-lean4/package-lock.json
index 0fd2ac2..c4046fe 100644
--- a/vscode-lean4/package-lock.json
+++ b/vscode-lean4/package-lock.json
@@ -9,8 +9,6 @@
 			"version": "0.0.117",
 			"license": "Apache-2.0",
 			"dependencies": {
-				"@leanprover/infoview": "~0.4.3",
-				"@leanprover/infoview-api": "~0.2.1",
 				"axios": "~0.24.0",
 				"cheerio": "^1.0.0-rc.10",
 				"mobx": "5.15.7",
@@ -24,7 +22,7 @@
 				"@types/mocha": "^8.2.0",
 				"@types/node": "^18.11.9",
 				"@types/ps-node": "~0.1.1",
-				"@types/semver": "^5.3.30",
+				"@types/semver": "^7.5.4",
 				"@types/vscode": "^1.61.0",
 				"@types/vscode-webview": "^1.57.0",
 				"@vscode/test-electron": "^2.1.2",
@@ -128,25 +126,6 @@
 				"@jridgewell/sourcemap-codec": "1.4.14"
 			}
 		},
-		"node_modules/@leanprover/infoview": {
-			"version": "0.4.3",
-			"resolved": "https://registry.npmjs.org/@leanprover/infoview/-/infoview-0.4.3.tgz",
-			"integrity": "sha512-SufdOr2myHAbZNUmobfQdAhsEC5H9ddi3KS0z1v/8riWSMm+yJk3u4LxVuzCmmSmV2QxFqtFzn5z+HQqj1Vo7g==",
-			"dependencies": {
-				"@leanprover/infoview-api": "~0.2.1",
-				"@vscode/codicons": "^0.0.32",
-				"es-module-shims": "^1.6.2",
-				"marked": "^4.2.2",
-				"react-fast-compare": "^3.2.0",
-				"tachyons": "^4.12.0",
-				"vscode-languageserver-protocol": "^3.17.2"
-			}
-		},
-		"node_modules/@leanprover/infoview-api": {
-			"version": "0.2.1",
-			"resolved": "https://registry.npmjs.org/@leanprover/infoview-api/-/infoview-api-0.2.1.tgz",
-			"integrity": "sha512-4sYdwOhUsa5wfvo/ZsCbcm8fBWcrATciZq0sWfmi5NRbIyZ+c2QjTm6D9CeYPCNvz9yvD1KBp/2+hKEZ8SOHkA=="
-		},
 		"node_modules/@nodelib/fs.scandir": {
 			"version": "2.1.5",
 			"resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
@@ -270,9 +249,9 @@
 			"dev": true
 		},
 		"node_modules/@types/semver": {
-			"version": "5.5.0",
-			"resolved": "https://registry.npmjs.org/@types/semver/-/semver-5.5.0.tgz",
-			"integrity": "sha512-41qEJgBH/TWgo5NFSvBCJ1qkoi3Q6ONSF2avrHq1LVEZfYpdHmj0y9SuTK+u9ZhG1sYQKBL1AWXKyLWP4RaUoQ==",
+			"version": "7.5.4",
+			"resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.4.tgz",
+			"integrity": "sha512-MMzuxN3GdFwskAnb6fz0orFvhfqi752yjaXylr0Rp4oDg5H0Zn1IuyRhDVvYOwAXoJirx2xuS16I3WjxnAIHiQ==",
 			"dev": true
 		},
 		"node_modules/@types/vscode": {
@@ -293,11 +272,6 @@
 			"integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==",
 			"dev": true
 		},
-		"node_modules/@vscode/codicons": {
-			"version": "0.0.32",
-			"resolved": "https://registry.npmjs.org/@vscode/codicons/-/codicons-0.0.32.tgz",
-			"integrity": "sha512-3lgSTWhAzzWN/EPURoY4ZDBEA80OPmnaknNujA3qnI4Iu7AONWd9xF3iE4L+4prIe8E3TUnLQ4pxoaFTEEZNwg=="
-		},
 		"node_modules/@vscode/test-electron": {
 			"version": "2.3.3",
 			"resolved": "https://registry.npmjs.org/@vscode/test-electron/-/test-electron-2.3.3.tgz",
@@ -1573,11 +1547,6 @@
 			"dev": true,
 			"peer": true
 		},
-		"node_modules/es-module-shims": {
-			"version": "1.8.0",
-			"resolved": "https://registry.npmjs.org/es-module-shims/-/es-module-shims-1.8.0.tgz",
-			"integrity": "sha512-5l/AqgnWvYFF38qkK8VNoQ8BL3LkJ8bAJuxhOKA/JqoLC4bcaeJeLwMkhEcrDsf5IUCDdwZ6eEG40+Xuh/APcQ=="
-		},
 		"node_modules/escalade": {
 			"version": "3.1.1",
 			"resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
@@ -2440,17 +2409,6 @@
 				"url": "https://github.com/fb55/entities?sponsor=1"
 			}
 		},
-		"node_modules/marked": {
-			"version": "4.3.0",
-			"resolved": "https://registry.npmjs.org/marked/-/marked-4.3.0.tgz",
-			"integrity": "sha512-PRsaiG84bK+AMvxziE/lCFss8juXjNaWzVbN5tXAm4XjeaS9NAHhop+PjQxz2A9h8Q4M/xGmzP8vqNwy6JeK0A==",
-			"bin": {
-				"marked": "bin/marked.js"
-			},
-			"engines": {
-				"node": ">= 12"
-			}
-		},
 		"node_modules/mdurl": {
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz",
@@ -3222,11 +3180,6 @@
 				"node": ">=0.10.0"
 			}
 		},
-		"node_modules/react-fast-compare": {
-			"version": "3.2.2",
-			"resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.2.tgz",
-			"integrity": "sha512-nsO+KSNgo1SbJqJEYRE9ERzo7YtYbou/OqjSQKxV7jcKox7+usiUVZOAC+XnDOABXggQTno0Y1CpVnuWEc1boQ=="
-		},
 		"node_modules/read": {
 			"version": "1.0.7",
 			"resolved": "https://registry.npmjs.org/read/-/read-1.0.7.tgz",
@@ -3708,11 +3661,6 @@
 				"url": "https://github.com/sponsors/ljharb"
 			}
 		},
-		"node_modules/tachyons": {
-			"version": "4.12.0",
-			"resolved": "https://registry.npmjs.org/tachyons/-/tachyons-4.12.0.tgz",
-			"integrity": "sha512-2nA2IrYFy3raCM9fxJ2KODRGHVSZNTW3BR0YnlGsLUf1DA3pk3YfWZ/DdfbnZK6zLZS+jUenlUGJsKcA5fUiZg=="
-		},
 		"node_modules/tapable": {
 			"version": "2.2.1",
 			"resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
diff --git a/vscode-lean4/package.json b/vscode-lean4/package.json
index 4a8e285..b702858 100644
--- a/vscode-lean4/package.json
+++ b/vscode-lean4/package.json
@@ -900,7 +900,7 @@
 		"@types/mocha": "^8.2.0",
 		"@types/node": "^18.11.9",
 		"@types/ps-node": "~0.1.1",
-		"@types/semver": "^5.3.30",
+		"@types/semver": "^7.5.4",
 		"@types/vscode": "^1.61.0",
 		"@types/vscode-webview": "^1.57.0",
 		"@vscode/test-electron": "^2.1.2",
-- 
2.41.0


Contributor Author

joneugster commented Nov 2, 2023

The package-lock for this PR needs to be generated differently. You can apply the following patch to fix it.

done

@mhuisi mhuisi merged commit 3f62c2a into leanprover:master Nov 14, 2023
1 of 2 checks passed
@joneugster joneugster deleted the update-semver branch November 14, 2023 20:58