Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(repo): Remove eslint-config-custom from react's deps #3307

Merged
merged 12 commits into from
May 7, 2024
Merged

chore(repo): Remove eslint-config-custom from react's deps #3307

merged 12 commits into from
May 7, 2024

Conversation

BRKalow
Copy link
Member

@BRKalow BRKalow commented May 1, 2024

Description

eslint-config-custom should only be a devDependency, not a direct dependency. This ensures we don't attempt to download the package when @clerk/clerk-react is installed.

Checklist

  • npm test runs as expected.
  • npm run build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 馃悰 Bug fix
  • 馃専 New feature
  • 馃敤 Breaking change
  • 馃摉 Refactoring / dependency upgrade / documentation
  • other:

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented May 1, 2024
edited

馃 Changeset detected

Latest commit: da492a3

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 14 packages
Name Type
@clerk/eslint-config-custom Patch
@clerk/clerk-react Patch
@clerk/backend Patch
@clerk/chrome-extension Patch
@clerk/clerk-js Patch
@clerk/elements Patch
@clerk/clerk-expo Patch
@clerk/express Patch
@clerk/fastify Patch
@clerk/nextjs Patch
@clerk/remix Patch
@clerk/clerk-sdk-node Patch
@clerk/testing Patch
@clerk/themes Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@BRKalow BRKalow requested a review from tmilewski May 1, 2024 20:24
@blaine-arcjet
Copy link

I think this exists as a dependency in other package.json files in the monorepo.

@blaine-arcjet
Copy link

Also, why doesn't this use a scoped package so there is no risk at all of downloading the published package?

@BRKalow
Copy link
Member Author

BRKalow commented May 1, 2024

@blaine-arcjet This was the only entry under dependencies that I could find 馃. devDependencies should be a non-issue. Yeah, agreed on the package name. Will update, thanks!

@BRKalow BRKalow enabled auto-merge (squash) May 1, 2024 22:11
@davidmytton davidmytton mentioned this pull request May 2, 2024
Merged
@blaine-arcjet
Copy link

Are y'all planning to roll this out? It's a supply chain vulnerability in your packages

@BRKalow BRKalow merged commit 39265d9 into main May 7, 2024
10 checks passed
@BRKalow BRKalow deleted the brk.fix/eslint-config-custom-dev-dep branch May 7, 2024 11:32
@clerk-cookie clerk-cookie mentioned this pull request May 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tmilewski tmilewski tmilewski approved these changes

@nikosdouvlis nikosdouvlis nikosdouvlis approved these changes

@LekoArts LekoArts LekoArts approved these changes

@desiprisg desiprisg desiprisg approved these changes

Assignees
No one assigned
Labels
backend chrome-extension clerk-js elements expo express fastify gatsby localizations nextjs react remix sdk-node testing themes types
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@BRKalow @blaine-arcjet @tmilewski @nikosdouvlis @LekoArts @desiprisg @clerk-cookie