Conversation
✅ Deploy Preview for devspace-docs canceled.
|
zerbitx
force-pushed
the
DSP-176
branch
2 times, most recently
from
0418389 to
c6f59d2
Compare
Signed-off-by: Ryan Swanson <ryan.swanson@loft.sh>
…amic HTTP responses - add per-run build markers to restarthelper fixtures to avoid cached image reuse - retry sync writes until the remote file reflects the change instead of assuming watcher readiness - sanitize terminal output parsing so pod name detection is resilient to control characters - deduplicate image tag lookup logic in build tests - clean up env var set/unset handling across e2e tests to satisfy errcheck
- lazy-load node-fetch, cli-spinner, inquirer, and find-process in dist/npm/index.js - switch get-latest to built-in https so it can run without local node_modules - keep postinstall working when find-process is not yet installed - prevent npm global install from failing during prepare/postinstall in a clean checkout Signed-off-by: Ryan Swanson <ryan.swanson@loft.sh>
- lazy-load optional installer dependencies in dist/npm/index.js - use built-in https for latest-version lookup and release downloads - fall back to plain logging when cli-spinner is unavailable - keep finish-install working without local node_modules in clean checkouts - teach npm launcher scripts to resolve index.js from the npx temp package layout - preserve existing global npm and yarn fallback lookup behavior
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What issue type does this pull request address? (keep at least one, remove the others)
/kind bugfix
What does this pull request do? Which issues does it resolve? (use
resolves #<issue_number>if possible)resolves #DSP-176
Please provide a short message that should be published in the DevSpace release notes
See: https://github.com/devspace-sh/devspace/security/advisories/GHSA-hqwm-7x7x-8379
What else do we need to know?
The changes pertaining to the CVE are all to do with the websocket upgrader and logs, but ci was failing for a variety of reasons. I kept it a several commits rather than forcing them all into one to make review easier. The windows unit test failure is due to helm v4 already being on the runner, so it doesn't download v3 and the version string check fails. I can add something to the workflow to remove the default installed helm so it will pass, but I figured we could also just leave that to a future PR.