Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: fix xml2js override #12172

Merged
merged 2 commits into from
Jun 25, 2024
Merged

chore: fix xml2js override #12172

merged 2 commits into from
Jun 25, 2024

Conversation

Conduitry
Copy link
Member

#10133 didn't actually work. If you look at the lockfile (and at the diff in that PR), we're still on the old version of xml2js. jimp>xml2js only overrides xml2js as a direct dependency of jimp, and it's not a direct dependency. Rather than specifying a precise but correct selector, I'd instead opted to just include a general one and override this dependency generally.

Svelte 5 rewrite

Please note that the Svelte codebase is currently being rewritten for Svelte 5. Changes should target Svelte 5, which lives on the default branch (main).

If your PR concerns Svelte 4 (including updates to svelte.dev.docs), please ensure the base branch is svelte-4 and not main.

Before submitting the PR, please make sure you do the following

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • Prefix your PR title with feat:, fix:, chore:, or docs:.
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests and linting

  • Run the tests with pnpm test and lint the project with pnpm lint

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jun 24, 2024

⚠️ No Changeset found

Latest commit: 14374aa

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@Conduitry
Copy link
Member Author

Relatedly: I don't know why https://github.com/sveltejs/svelte/security/dependabot/25 was seen as resolved by #11637. Maybe dependabot couldn't parse the new lockfile format and gave up?

@Conduitry Conduitry changed the title chore: fix xml2js overridde chore: fix xml2js override Jun 24, 2024
@dummdidumm dummdidumm merged commit 8910fe1 into main Jun 25, 2024
9 checks passed
@dummdidumm dummdidumm deleted the fix-xml2js-override branch June 25, 2024 12:56
FoHoOV pushed a commit to FoHoOV/svelte that referenced this pull request Jun 27, 2024
@Conduitry @FoHoOV
chore: fix xml2js override (sveltejs#12172)
f5b4ec9 
* apply proper xml2js override

* update lockfile
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dummdidumm dummdidumm dummdidumm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Conduitry @dummdidumm