Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build: Update Nx to latest version #22694

Merged
merged 2 commits into from
May 25, 2023
Merged

Build: Update Nx to latest version #22694

merged 2 commits into from
May 25, 2023

Conversation

mandarini
Copy link
Contributor

@mandarini mandarini commented May 23, 2023
edited
Loading

What I did

Updated code and scripts to latest Nx.

How to test

yarn ci-tests run result: https://app.warp.dev/block/GjSy7m9zEsmGLyf6PpMrg3

Checklist

  • Make sure your changes are tested (stories and/or unit, integration, or end-to-end tests)
  • Make sure to add/update documentation regarding your changes
  • If you are deprecating/removing a feature, make sure to update
    MIGRATION.MD

Maintainers

  • If this PR should be tested against many or all sandboxes,
    make sure to add the ci:merged or ci:daily GH label to it.
  • Make sure this PR contains one of the labels below.

["cleanup", "BREAKING CHANGE", "feature request", "bug", "documentation", "maintenance", "dependencies", "other"]

@mandarini mandarini self-assigned this May 23, 2023
@socket-security
Copy link

socket-security bot commented May 23, 2023
edited
Loading

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore @nx/devkit@16.2.1
  • @SocketSecurity ignore @nx/workspace@16.2.1
  • @SocketSecurity ignore nx-cloud@16.0.5
⚠️ Shell access

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Package Module Location Source
@nx/devkit@16.2.1 (added) child_process src/tasks/install-packages-task.js code/package.json via @nx/workspace@16.2.1, scripts/package.json via @nx/workspace@16.2.1
@nx/devkit@16.2.1 (added) child_process src/utils/package-json.js code/package.json via @nx/workspace@16.2.1, scripts/package.json via @nx/workspace@16.2.1
@nx/workspace@16.2.1 (added) child_process src/generators/new/generate-preset.js code/package.json, scripts/package.json
@nx/workspace@16.2.1 (added) child_process src/generators/utils/get-npm-package-version.js code/package.json, scripts/package.json
@nx/workspace@16.2.1 (added) child_process src/utilities/default-base.js code/package.json, scripts/package.json
nx-cloud@16.0.5 (added) child_process lib/core/commands/record-output.js code/package.json, scripts/package.json
nx-cloud@16.0.5 (added) child_process lib/utilities/environment.js code/package.json, scripts/package.json
Pull request alert summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script confusion ✅ 0 issues
Bin script shell injection ✅ 0 issues
Shell access ⚠️ 7 issues
Uses eval ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
GitHub dependency ✅ 0 issues
New author ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
nx-cloud@16.0.5 filesystem, shell, environment +4 altan-nrwl
nx@16.2.1 environment +20 nrwl-jason
@nx/workspace@16.2.1 filesystem, shell, environment +28 nrwl-jason

🚮 Removed packages: @nrwl/nx-cloud@15.3.5, @nrwl/workspace@15.9.4

@mandarini mandarini mentioned this pull request May 23, 2023
Closed
5 tasks
@mandarini mandarini marked this pull request as ready for review May 23, 2023 11:43
@ndelangen ndelangen self-requested a review May 23, 2023 11:50
@mandarini
Copy link
Contributor Author

@ndelangen it seems that only the [chromatic-internal-storybooks] are failing now, and I am not sure the error I'm seeing is related to the Nx update?

@shilman shilman added build Internal-facing build tooling & test updates and removed dependencies labels May 23, 2023
@shilman shilman changed the title feat(repo): updated Nx to latest version Build: Update Nx to latest version May 23, 2023
@IanVS IanVS removed their request for review May 25, 2023 12:55
@chakAs3 chakAs3 merged commit e8c1164 into next May 25, 2023
@chakAs3 chakAs3 deleted the feat/upgrade-latest-nx branch May 25, 2023 13:35
@chakAs3 chakAs3 restored the feat/upgrade-latest-nx branch May 25, 2023 21:04
@chakAs3
Copy link
Contributor

chakAs3 commented May 26, 2023

@ndelangen it seems that only the [chromatic-internal-storybooks] are failing now, and I am not sure the error I'm seeing is related to the Nx update?

yes only chromatic sandboxes, i'm working on it you see how we can fix it

@yannbf yannbf mentioned this pull request May 26, 2023
Merged
5 tasks
@stof stof deleted the feat/upgrade-latest-nx branch August 2, 2023 15:36
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chakAs3 chakAs3 chakAs3 approved these changes

@shilman shilman Awaiting requested review from shilman

@ndelangen ndelangen Awaiting requested review from ndelangen

Assignees

@mandarini mandarini

Labels
build Internal-facing build tooling & test updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mandarini @chakAs3 @shilman