Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reduce usage of the trim dependency #130863

Merged
merged 2 commits into from
Apr 25, 2022
Merged

Reduce usage of the trim dependency #130863

merged 2 commits into from
Apr 25, 2022

Conversation

watson
Copy link
Contributor

@watson watson commented Apr 25, 2022

We forcefully upgrade the trim sub-dependency to v1.0.1 because of an old known security vulnerability. Two of our dependencies who previously depended on trim no longer does so, and we can therefore now upgrade those to get rid of the warnings generated because of this forceful upgrade.

Reduce usage of the trim dependency
6a303ca 
We forcefully upgrade the trim sub-dependency to v1.0.1 because of an
old know security vulnerability. Two of our dependencies who previously
depended on trim no longer does so, and we can therefore now upgrade
those to get rid of the warnings generated because of this forceful
upgrade.
@watson watson added release_note:skip Skip the PR/issue when compiling release notes auto-backport Deprecated - use backport:version if exact versions are needed v8.3.0 v7.17.4 labels Apr 25, 2022
@watson watson requested a review from a team April 25, 2022 08:06
@watson watson self-assigned this Apr 25, 2022
@watson
Copy link
Contributor Author

watson commented Apr 25, 2022
edited
Loading

The only dependency still depending on an old version of trim is remark-parse version 8.0.3 and 5.0.0. If we upgrade both to version 9.0.0 or newer we can get rid of our forceful trim upgrade. But I have not looked into how easy that would be.

@watson watson enabled auto-merge (squash) April 25, 2022 08:10
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
kbnUiSharedDeps-npmDll 4.8MB 4.8MB -5.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @watson

jportner
jportner approved these changes Apr 25, 2022
View reviewed changes
Copy link
Contributor

@jportner jportner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@watson watson merged commit 641fc10 into elastic:main Apr 25, 2022
@kibanamachine
Copy link
Contributor

💔 All backports failed

Status Branch Result
7.17 Backport failed because of merge conflicts

Manual backport

To create the backport manually run:

node scripts/backport --pr 130863

Questions ?

Please refer to the Backport tool documentation

@watson watson mentioned this pull request Apr 25, 2022
Merged
@watson watson deleted the reduce-trim-usage branch April 25, 2022 13:46
watson pushed a commit that referenced this pull request Apr 25, 2022
Reduce usage of the trim dependency (#130863) (#130896)
3c371e7 
We forcefully upgrade the trim sub-dependency to v1.0.1 because of an
old known security vulnerability. Two of our dependencies who previously
depended on trim no longer does so, and we can therefore now upgrade
those to get rid of the warnings generated because of this forceful
upgrade.

(cherry picked from commit 641fc10)

# Conflicts:
#	yarn.lock
dmlemeshko pushed a commit to dmlemeshko/kibana that referenced this pull request May 5, 2022
@dmlemeshko
Reduce usage of the trim dependency (elastic#130863)
0440abe 
We forcefully upgrade the trim sub-dependency to v1.0.1 because of an
old known security vulnerability. Two of our dependencies who previously
depended on trim no longer does so, and we can therefore now upgrade
those to get rid of the warnings generated because of this forceful
upgrade.
kertal pushed a commit to kertal/kibana that referenced this pull request May 24, 2022
@kertal
Reduce usage of the trim dependency (elastic#130863)
730ae45 
We forcefully upgrade the trim sub-dependency to v1.0.1 because of an
old known security vulnerability. Two of our dependencies who previously
depended on trim no longer does so, and we can therefore now upgrade
those to get rid of the warnings generated because of this forceful
upgrade.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jportner jportner jportner approved these changes

Assignees

@watson watson

Labels
auto-backport Deprecated - use backport:version if exact versions are needed release_note:skip Skip the PR/issue when compiling release notes v7.17.4 v8.3.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@watson @kibana-ci @kibanamachine @jportner