[full-ci] remove outdated and unused cldr dep from kpop in idp package #7988
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.
debf5d4 to fdb6e80
fdb6e80 to da8ae85
}, | ||
"pnpm": { | ||
"overrides": { | ||
"kpop>cldr": "" |
Could you please add a comment or link this PR for now?
Douglas Crockford:
I removed comments from JSON because I saw people were using them to hold parsing directives, a practice which would have destroyed interoperability. I know that the lack of comments makes some people sad, but it shouldn't.
Suppose you are using JSON to keep configuration files, which you would like to annotate. Go ahead and insert all the comments you like. Then pipe it through JSMin before handing it to your JSON parser.
TL;DR: no comments in JSON. VS Code and TS allow it, but it's non-standard and pnpm doesn't.
That's in fact why I didn't add a comment :-)
LGTM. I restarted the pipeline, looked unrelated at a first glance.
Quality Gate passed. Kudos, no new issues were introduced! 0 New issues
@kulmann Hm, upstream completely removed the kpop dependency itself (See: libregraph/lico#5). Shouldn't we just do that as well? Especially as kpop is originally coming from kopano as well. In general it would be nice to stay in sync with https://github.com/libregraph/lico as much as possible.
For a security patch the PR should be ok... I'm not in favour of the "busy work" to stay in sync with upstream lico, especially since it's supposed to go away. Could you post your comment again to this issue, so that we can continue discussing it? #7957
Description
The idp ui uses kpop (opinionated react component library), which declares an outdated cldr version without even using it. Since that currently has a security issue, we're patching the idp ui to remove the cldr dependency from kpop entirely.

Asked upstream, if we can safely remove the dependency. Kopano-dev/kpop#40
Related Issue
Motivation and Context
Security