Skip to content

Merge in PSDTools/GPA_Calculator #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 396 commits into from
Jul 9, 2024
Merged

Merge in PSDTools/GPA_Calculator #3

merged 396 commits into from
Jul 9, 2024

Conversation

@lishaduck
Copy link
Member

@lishaduck lishaduck commented Jul 9, 2024

Part of #1.

dependabot bot and others added 30 commits April 1, 2023 00:06
@dependabot
Merge pull request #15 from PSDTools/dependabot/npm_and_yarn/shoelace…
7fdbc56 
…-style/shoelace-2.3.0
@lishaduck
fix: urls in manifest.json
f0091d2
@lishaduck
fix: manifest link
919b0be
@lishaduck
fix: issues?
d6b3684
@lishaduck
fix: bump vite to v4
5ebf2ca
@dependabot @lishaduck
Bump lit from 2.3.1 to 2.7.0
bfb4a48 
Bumps [lit](https://github.com/lit/lit/tree/HEAD/packages/lit) from 2.3.1 to 2.7.0.
- [Release notes](https://github.com/lit/lit/releases)
- [Changelog](https://github.com/lit/lit/blob/main/packages/lit/CHANGELOG.md)
- [Commits](https://github.com/lit/lit/commits/lit@2.7.0/packages/lit)

---
updated-dependencies:
- dependency-name: lit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @lishaduck
Bump @shoelace-style/shoelace from 2.0.0-beta.82 to 2.3.0
d61acdb 
Bumps [@shoelace-style/shoelace](https://github.com/shoelace-style/shoelace) from 2.0.0-beta.82 to 2.3.0.
- [Release notes](https://github.com/shoelace-style/shoelace/releases)
- [Commits](shoelace-style/shoelace@v2.0.0-beta.82...v2.3.0)

---
updated-dependencies:
- dependency-name: "@shoelace-style/shoelace"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@lishaduck
fix: urls in manifest.json
41fa7e2
@lishaduck
fix: manifest link
308ccc5
@lishaduck
fix: issues?
6fe84f2
@lishaduck
style: fix prettier
b33fa98
@lishaduck
fix: webhint in css
fc1672f
@lishaduck
chore: switch script to ts
9691794
@lishaduck
style: fix prettier in sw.js
832df26
@lishaduck
feat: add a tiny calculator file
5d57c52
@lishaduck
Merge branch 'main' into dependabot/npm_and_yarn/vite-plugin-pwa-0.14.7
ecd81e8
@lishaduck
Merge pull request #14 from PSDTools/dependabot/npm_and_yarn/vite-plu…
42e5d62 
…gin-pwa-0.14.7

Bump vite-plugin-pwa from 0.11.13 to 0.14.7
@lishaduck
fix: unused decorator
a329aed
@lishaduck
Merge branch 'main' into lit
425cdbc
@lishaduck
chore: move css
23ab571
@lishaduck
Merge pull request #18 from PSDTools/lit
d9ad99c 
Lit
@lishaduck
fix: paths?
9e75a83
@lishaduck
fix: missing <head> tag?
89816c0
@lishaduck
Merge pull request #19 from PSDTools/lit
605f181 
Fix paths?
@lishaduck
chore(deps): bump transitive
7ff84c0
@lishaduck
fix: comment out the manifest link for now
827a985
@lishaduck
fix: sync prod and dev
8259eb8
@lishaduck
fix: finish updating functions to use module globals
2cdb653
@lishaduck
fix: sw
49d70ab
@lishaduck
refactor: upgrade public/sw.js => src/sw.ts
9c8e45b
@lishaduck
chore: bump turbo
9f529a3
@lishaduck
chore(deps-dev): bump
bfe9e7b
@lishaduck
chore: update gitignore
5d4e9b3
@lishaduck
chore: update linting
1ef40ec
@lishaduck
chore: add gitattrs
a8c9560
@lishaduck
fix: @types/bun
08d990a
@lishaduck
refactor: remove dirname
c565ddf
@lishaduck
chore: remove unneeded image purpose
98fab49
@lishaduck
chore(deps-dev): bump
966af2d
@lishaduck
chore: bust turbo cache on lockfile changes
129cb90
@lishaduck
chore: add nvmrc
871148f
@lishaduck
chore: remove invalid elements
49eca9c
@lishaduck
fix: use node-compatible import.meta
232a95b
@lishaduck
chore: stricter lints
173cd3e
@lishaduck
fix: sw injection
2217135
@lishaduck
chore: use vanilla pwa types
c22c17b
@lishaduck
refactor: use vite-plugin-pwa to generate assets
2f45359
@lishaduck
feat: minify html
0f45ac8
@lishaduck
ci: update
dcd0b2c 
* Bump the version of Bun that CI uses.
* Use prebuilt sharp binaries.
* Use the cache.
@lishaduck
chore(deps-dev): bump
fbeb5f5
@lishaduck
Merge pull request #96 from PSDTools/map-fixes
0f91d5b 
Backport Refactors from PHS-Map
@lishaduck
chore: remove nvmrc
fa3aa45 
We use bun.
@lishaduck
chore(deps): bump
47abf09 
Hurray!
- Workbox is maintained!
- Better Sheriff types.
- Sleek turbo ui.
@lishaduck
chore(gpa): move all source files into a subdirectory
170d630
@lishaduck
Merge pull request #109 from PSDTools/prepare-repo-for-move
eb4599f 
Move all source files into a subdirectory
@lishaduck
chore(gpa): merge in PSDTools/GPA_Calculator
43bfffa
@socket-security
Copy link

socket-security bot commented Jul 9, 2024

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@eslint-types/typescript-eslint@7.5.0 None 0 119 kB shinigami92
npm/@eslint-types/unicorn@52.0.0 None 0 61.2 kB shinigami92
npm/@sherifforg/types@3.1.2 None 0 6.02 kB andreapontrandolfo
npm/@types/bun@1.1.6 None +4 2.52 MB types
npm/@types/eslint@8.56.10 None +2 250 kB types
npm/@types/html-minifier-terser@7.0.2 None 0 9.39 kB types
npm/@vite-pwa/assets-generator@0.2.4 Transitive: environment, filesystem, network, shell, unsafe +68 5.65 MB userquin
npm/browserslist-to-esbuild@2.1.1 None +1 427 kB marcofugaro
npm/browserslist@4.23.1 environment, filesystem Transitive: shell +6 2.5 MB ai
npm/eslint-config-sheriff@18.7.0 eval Transitive: environment, filesystem, unsafe +378 57.9 MB andreapontrandolfo
npm/eslint-define-config@2.1.0 None 0 315 kB shinigami92
npm/eslint@8.57.0 environment, filesystem Transitive: eval, shell, unsafe +97 10.8 MB eslintbot
npm/html-minifier-terser@7.2.0 Transitive: environment, eval, filesystem, network, shell +23 10.1 MB sibiraj-s
npm/idb-keyval@6.2.1 None 0 53.8 kB jaffathecake
npm/lightningcss@1.25.1 environment Transitive: filesystem, shell +10 80.1 MB devongovett
npm/prettier@3.2.5 environment, filesystem, unsafe 0 8.39 MB prettier-bot
npm/turbo@1.13.4 None +6 127 MB turbobot
npm/typescript@5.5.3 None 0 21.9 MB typescript-bot
npm/unstorage@1.10.2 Transitive: environment, filesystem, network, shell, unsafe +86 16.8 MB pi0
npm/vite-plugin-pwa@0.20.0 filesystem Transitive: environment +21 1.27 MB userquin
npm/vite@5.3.3 environment, eval, filesystem, network, shell, unsafe +61 281 MB vitebot
npm/workbox-build@7.1.1 filesystem Transitive: environment, eval, network, shell, unsafe +342 86.4 MB tomayac
npm/workbox-core@7.1.0 environment 0 295 kB tropicadri
npm/workbox-precaching@7.1.0 environment Transitive: network +2 1000 kB tropicadri
npm/zod@3.23.8 None 0 667 kB colinmcd94

View full report↗︎

@socket-security
Copy link

socket-security bot commented Jul 9, 2024

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Install scripts npm/esbuild@0.21.5 🚫
Potential typo squat npm/eslint-plugin-react-dom@1.5.23 🚫
Potential typo squat npm/eslint-plugin-react-x@1.5.23 🚫
Install scripts npm/eslint-config-sheriff@18.7.0
  • Install script: preinstall
  • Source: npx only-allow pnpm
 🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/esbuild@0.21.5
  • @SocketSecurity ignore npm/eslint-plugin-react-dom@1.5.23
  • @SocketSecurity ignore npm/eslint-plugin-react-x@1.5.23
  • @SocketSecurity ignore npm/eslint-config-sheriff@18.7.0

@lishaduck lishaduck merged commit a649be1 into main Jul 9, 2024
@lishaduck lishaduck deleted the merge-in-gpa branch July 9, 2024 00:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lishaduck @ParkerH27 @PetalCat