From 231e1f9da81c1d779000397895b2636430742821 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 22:31:23 +0000 Subject: [PATCH 1/6] chore(deps): update dependency @types/lodash to v4.17.14 (#11914) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@types/lodash](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash)) | [`4.17.13` -> `4.17.14`](https://renovatebot.com/diffs/npm/@types%2flodash/4.17.13/4.17.14) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2flodash/4.17.14?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2flodash/4.17.14?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2flodash/4.17.13/4.17.14?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2flodash/4.17.13/4.17.14?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/redwoodjs/redwood). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- packages/api-server/package.json | 2 +- packages/cli-helpers/package.json | 2 +- packages/core/package.json | 2 +- packages/graphql-server/package.json | 2 +- packages/structure/package.json | 2 +- yarn.lock | 18 +++++++++--------- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/packages/api-server/package.json b/packages/api-server/package.json index 936a61e104ad..2ed7c5bafd60 100644 --- a/packages/api-server/package.json +++ b/packages/api-server/package.json @@ -53,7 +53,7 @@ "devDependencies": { "@redwoodjs/framework-tools": "workspace:*", "@types/aws-lambda": "8.10.145", - "@types/lodash": "4.17.13", + "@types/lodash": "4.17.14", "@types/qs": "6.9.16", "@types/split2": "4.2.3", "@types/yargs": "17.0.33", diff --git a/packages/cli-helpers/package.json b/packages/cli-helpers/package.json index 5ea781262c8b..8304a1013eef 100644 --- a/packages/cli-helpers/package.json +++ b/packages/cli-helpers/package.json @@ -75,7 +75,7 @@ "devDependencies": { "@redwoodjs/framework-tools": "workspace:*", "@types/dotenv-defaults": "^2.0.4", - "@types/lodash": "4.17.13", + "@types/lodash": "4.17.14", "@types/pascalcase": "1.0.3", "@types/semver": "^7", "@types/yargs": "17.0.33", diff --git a/packages/core/package.json b/packages/core/package.json index 52fb155be47c..2e030e676cc7 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -55,7 +55,7 @@ }, "devDependencies": { "@redwoodjs/framework-tools": "workspace:*", - "@types/lodash": "4.17.13", + "@types/lodash": "4.17.14", "publint": "0.2.12", "tsx": "4.19.2" }, diff --git a/packages/graphql-server/package.json b/packages/graphql-server/package.json index 3c0967c435cd..51a9bc29c22a 100644 --- a/packages/graphql-server/package.json +++ b/packages/graphql-server/package.json @@ -54,7 +54,7 @@ "@redwoodjs/realtime": "workspace:*", "@types/aws-lambda": "8.10.145", "@types/jsonwebtoken": "9.0.7", - "@types/lodash": "4.17.13", + "@types/lodash": "4.17.14", "@types/uuid": "10.0.0", "@whatwg-node/fetch": "0.9.21", "jest": "29.7.0", diff --git a/packages/structure/package.json b/packages/structure/package.json index 40ec9eb1ecb3..8d83851c28c2 100644 --- a/packages/structure/package.json +++ b/packages/structure/package.json @@ -54,7 +54,7 @@ "@babel/cli": "7.25.7", "@babel/core": "^7.22.20", "@types/fs-extra": "11.0.4", - "@types/lodash": "4.17.13", + "@types/lodash": "4.17.14", "@types/node": "20.17.10", "@types/vscode": "1.96.0", "typescript": "5.6.2", diff --git a/yarn.lock b/yarn.lock index 84638a1ee727..03a6e31e3d4b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7425,7 +7425,7 @@ __metadata: "@redwoodjs/project-config": "workspace:*" "@redwoodjs/web-server": "workspace:*" "@types/aws-lambda": "npm:8.10.145" - "@types/lodash": "npm:4.17.13" + "@types/lodash": "npm:4.17.14" "@types/qs": "npm:6.9.16" "@types/split2": "npm:4.2.3" "@types/yargs": "npm:17.0.33" @@ -8087,7 +8087,7 @@ __metadata: "@redwoodjs/project-config": "workspace:*" "@redwoodjs/telemetry": "workspace:*" "@types/dotenv-defaults": "npm:^2.0.4" - "@types/lodash": "npm:4.17.13" + "@types/lodash": "npm:4.17.14" "@types/pascalcase": "npm:1.0.3" "@types/semver": "npm:^7" "@types/yargs": "npm:17.0.33" @@ -8290,7 +8290,7 @@ __metadata: "@redwoodjs/project-config": "workspace:*" "@redwoodjs/testing": "workspace:*" "@redwoodjs/web-server": "workspace:*" - "@types/lodash": "npm:4.17.13" + "@types/lodash": "npm:4.17.14" graphql-tag: "npm:2.12.6" lodash: "npm:4.17.21" nodemon: "npm:3.1.9" @@ -8455,7 +8455,7 @@ __metadata: "@redwoodjs/realtime": "workspace:*" "@types/aws-lambda": "npm:8.10.145" "@types/jsonwebtoken": "npm:9.0.7" - "@types/lodash": "npm:4.17.13" + "@types/lodash": "npm:4.17.14" "@types/uuid": "npm:10.0.0" "@whatwg-node/fetch": "npm:0.9.21" core-js: "npm:3.38.1" @@ -8831,7 +8831,7 @@ __metadata: "@redwoodjs/project-config": "workspace:*" "@types/fs-extra": "npm:11.0.4" "@types/line-column": "npm:1.0.2" - "@types/lodash": "npm:4.17.13" + "@types/lodash": "npm:4.17.14" "@types/node": "npm:20.17.10" "@types/vscode": "npm:1.96.0" camelcase: "npm:6.3.0" @@ -11123,10 +11123,10 @@ __metadata: languageName: node linkType: hard -"@types/lodash@npm:4.17.13, @types/lodash@npm:^4.14.167": - version: 4.17.13 - resolution: "@types/lodash@npm:4.17.13" - checksum: 10c0/c3d0b7efe7933ac0369b99f2f7bff9240d960680fdb74b41ed4bd1b3ca60cca1e31fe4046d9abbde778f941a41bc2a75eb629abf8659fa6c27b66efbbb0802a9 +"@types/lodash@npm:4.17.14, @types/lodash@npm:^4.14.167": + version: 4.17.14 + resolution: "@types/lodash@npm:4.17.14" + checksum: 10c0/343c6f722e0b39969036a885ad5aad6578479ead83987128c9b994e6b7f2fb9808244d802d4d332396bb09096f720a6c7060de16a492f5460e06a44560360322 languageName: node linkType: hard From dc974b56b2a4ee5765da78aa6cd0aeb27d974414 Mon Sep 17 00:00:00 2001 From: Tobbe Lundberg Date: Thu, 23 Jan 2025 16:39:26 +0100 Subject: [PATCH 2/6] fix(cli): Pin TailwindCSS to v3 (#11920) --- .changesets/11920.md | 4 ++++ packages/cli/src/commands/setup/ui/libraries/tailwindcss.js | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 .changesets/11920.md diff --git a/.changesets/11920.md b/.changesets/11920.md new file mode 100644 index 000000000000..6fd2df72318b --- /dev/null +++ b/.changesets/11920.md @@ -0,0 +1,4 @@ +- fix(cli): Pin TailwindCSS to v3 (#11920) by @Tobbe + +Pinning TW to v3 for our `yarn rw setup ui tailwind` command until we've added +support for TW v4 diff --git a/packages/cli/src/commands/setup/ui/libraries/tailwindcss.js b/packages/cli/src/commands/setup/ui/libraries/tailwindcss.js index e8ce95182058..ed1bbf683adc 100644 --- a/packages/cli/src/commands/setup/ui/libraries/tailwindcss.js +++ b/packages/cli/src/commands/setup/ui/libraries/tailwindcss.js @@ -121,7 +121,7 @@ export const handler = async ({ force, install }) => { const webWorkspacePackages = [ 'postcss', 'postcss-loader', - 'tailwindcss', + 'tailwindcss@^3.4.17', 'autoprefixer', ] From 7ed8f3854363051934a4f75a91594d4dd3275e1a Mon Sep 17 00:00:00 2001 From: Tobbe Lundberg Date: Fri, 24 Jan 2025 08:10:33 +0100 Subject: [PATCH 3/6] feat(cli): Add support for RWJS_CWD and --cwd to TW setup (#11923) --- .../setup/ui/libraries/tailwindcss.js | 32 +++++++++++-------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/packages/cli/src/commands/setup/ui/libraries/tailwindcss.js b/packages/cli/src/commands/setup/ui/libraries/tailwindcss.js index ed1bbf683adc..945670c8a347 100644 --- a/packages/cli/src/commands/setup/ui/libraries/tailwindcss.js +++ b/packages/cli/src/commands/setup/ui/libraries/tailwindcss.js @@ -138,12 +138,18 @@ export const handler = async ({ force, install }) => { task: async () => { const yarnVersion = await execa('yarn', ['--version']) const isYarnV1 = yarnVersion.stdout.trim().startsWith('1') - await execa('yarn', [ - 'add', - '-D', - ...(isYarnV1 ? ['-W'] : []), - ...projectPackages, - ]) + await execa( + 'yarn', + [ + 'add', + '-D', + ...(isYarnV1 ? ['-W'] : []), + ...projectPackages, + ], + { + cwd: rwPaths.base, + }, + ) }, }, ], @@ -160,13 +166,13 @@ export const handler = async ({ force, install }) => { { title: `Install ${webWorkspacePackages.join(', ')}`, task: async () => { - await execa('yarn', [ - 'workspace', - 'web', - 'add', - '-D', - ...webWorkspacePackages, - ]) + await execa( + 'yarn', + ['workspace', 'web', 'add', '-D', ...webWorkspacePackages], + { + cwd: rwPaths.base, + }, + ) }, }, ], From c30440a90b6d659616272d4a57588ec6e684ec79 Mon Sep 17 00:00:00 2001 From: Tobbe Lundberg Date: Fri, 24 Jan 2025 09:22:27 +0100 Subject: [PATCH 4/6] chore(test-project): Pin TW to v3 (#11924) --- tasks/test-project/tui-tasks.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/test-project/tui-tasks.js b/tasks/test-project/tui-tasks.js index 5958f4633b1a..e3354ea4a550 100644 --- a/tasks/test-project/tui-tasks.js +++ b/tasks/test-project/tui-tasks.js @@ -349,9 +349,10 @@ async function webTasks(outputPath, { linkWithLatestFwBuild }) { { title: 'Install tailwind dependencies', // @NOTE: use rwfw, because calling the copy function doesn't seem to work here + // TODO: Try using tarsync. See if that removes the need for this workaround task: async () => { await exec( - 'yarn workspace web add -D postcss postcss-loader tailwindcss autoprefixer prettier-plugin-tailwindcss@^0.5.12', + 'yarn workspace web add -D postcss postcss-loader tailwindcss@^3.4.17 autoprefixer prettier-plugin-tailwindcss@^0.5.12', [], getExecaOptions(outputPath), ) From fc09755baba0fab073a1a1a495cd24c5fbbdd287 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 08:33:59 +0000 Subject: [PATCH 5/6] fix(deps): update dependency vite to v5.4.12 [security] (#11916) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.8` -> `5.4.12`](https://renovatebot.com/diffs/npm/vite/5.4.8/5.4.12) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.4.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.4.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.4.8/5.4.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.4.8/5.4.12?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2025-24010](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6) ### Summary Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. ### Upgrade Path Users that does not match either of the following conditions should be able to upgrade to a newer version of Vite that fixes the vulnerability without any additional configuration. - Using the backend integration feature - Using a reverse proxy in front of Vite - Accessing the development server via a domain other than `localhost` or `*.localhost` - Using a plugin / framework that connects to the WebSocket server on their own from the browser #### Using the backend integration feature If you are using the backend integration feature and not setting [`server.origin`](https://vite.dev/config/server-options.html#server-origin), you need to add the origin of the backend server to the [`server.cors.origin`](https://redirect.github.com/expressjs/cors#configuration-options) option. Make sure to set a specific origin rather than `*`, otherwise any origin can access your development server. #### Using a reverse proxy in front of Vite If you are using a reverse proxy in front of Vite and sending requests to Vite with a hostname other than `localhost` or `*.localhost`, you need to add the hostname to the new [`server.allowedHosts`](https://vite.dev/config/server-options.html#server-allowedhosts) option. For example, if the reverse proxy is sending requests to `http://vite:5173`, you need to add `vite` to the `server.allowedHosts` option. #### Accessing the development server via a domain other than `localhost` or `*.localhost` You need to add the hostname to the new [`server.allowedHosts`](https://vite.dev/config/server-options.html#server-allowedhosts) option. For example, if you are accessing the development server via `http://foo.example.com:8080`, you need to add `foo.example.com` to the `server.allowedHosts` option. #### Using a plugin / framework that connects to the WebSocket server on their own from the browser If you are using a plugin / framework, try upgrading to a newer version of Vite that fixes the vulnerability. If the WebSocket connection appears not to be working, the plugin / framework may have a code that connects to the WebSocket server on their own from the browser. In that case, you can either: - fix the plugin / framework code to the make it compatible with the new version of Vite - set `legacy.skipWebSocketTokenCheck: true` to opt-out the fix for [2] while the plugin / framework is incompatible with the new version of Vite - When enabling this option, **make sure that you are aware of the security implications** described in the impact section of [2] above. ### Mitigation without upgrading Vite #### [1]: Permissive default CORS settings Set `server.cors` to `false` or limit `server.cors.origin` to trusted origins. #### [2]: Lack of validation on the Origin header for WebSocket connections There aren't any mitigations for this. #### [3]: Lack of validation on the Host header for HTTP requests Use Chrome 94+ or use HTTPS for the development server. ### Details There are three causes that allowed malicious websites to send any requests to the development server: #### [1]: Permissive default CORS settings Vite sets the [`Access-Control-Allow-Origin`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) header depending on [`server.cors`](https://vite.dev/config/server-options.html#server-cors) option. The default value was `true` which sets `Access-Control-Allow-Origin: *`. This allows websites on any origin to `fetch` contents served on the development server. Attack scenario: 1. The attacker serves a malicious web page (`http://malicious.example.com`). 2. The user accesses the malicious web page. 3. The attacker sends a `fetch('http://127.0.0.1:5173/main.js')` request by JS in that malicious web page. This request is normally blocked by same-origin policy, but that's not the case for the reasons above. 4. The attacker gets the content of `http://127.0.0.1:5173/main.js`. #### [2]: Lack of validation on the Origin header for WebSocket connections Vite starts a WebSocket server to handle HMR and other functionalities. This WebSocket server [did not perform validation on the Origin header](https://redirect.github.com/vitejs/vite/blob/v6.0.7/packages/vite/src/node/server/ws.ts#L145-L157) and was vulnerable to Cross-Site WebSocket Hijacking (CSWSH) attacks. With that attack, an attacker can read and write messages on the WebSocket connection. Vite only sends some information over the WebSocket connection ([list of the file paths that changed, the file content where the errored happened, etc.](https://redirect.github.com/vitejs/vite/blob/v6.0.7/packages/vite/types/hmrPayload.d.ts#L12-L72)), but plugins can send arbitrary messages and may include more sensitive information. Attack scenario: 1. The attacker serves a malicious web page (`http://malicious.example.com`). 2. The user accesses the malicious web page. 3. The attacker runs `new WebSocket('http://127.0.0.1:5173', 'vite-hmr')` by JS in that malicious web page. 4. The user edits some files. 5. Vite sends some HMR messages over WebSocket. 6. The attacker gets the content of the HMR messages. #### [3]: Lack of validation on the Host header for HTTP requests Unless [`server.https`](https://vite.dev/config/server-options.html#server-https) is set, Vite starts the development server on HTTP. Non-HTTPS servers are vulnerable to DNS rebinding attacks without validation on the Host header. But Vite did not perform validation on the Host header. By exploiting this vulnerability, an attacker can send arbitrary requests to the development server bypassing the same-origin policy. 1. The attacker serves a malicious web page that is served on **HTTP** (`http://malicious.example.com:5173`) (HTTPS won't work). 2. The user accesses the malicious web page. 3. The attacker changes the DNS to point to 127.0.0.1 (or other private addresses). 4. The attacker sends a `fetch('/main.js')` request by JS in that malicious web page. 5. The attacker gets the content of `http://127.0.0.1:5173/main.js` bypassing the same origin policy. ### Impact #### [1]: Permissive default CORS settings Users with the default `server.cors` option may: - get the source code stolen by malicious websites - give the attacker access to functionalities that are not supposed to be exposed externally - Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behind `server.proxy` may have those functionalities. #### [2]: Lack of validation on the Origin header for WebSocket connections All users may get the file paths of the files that changed and the file content where the error happened be stolen by malicious websites. For users that is using a plugin that sends messages over WebSocket, that content may be stolen by malicious websites. For users that is using a plugin that has a functionality that is triggered by messages over WebSocket, that functionality may be exploited by malicious websites. #### [3]: Lack of validation on the Host header for HTTP requests Users using HTTP for the development server and using a browser that is not Chrome 94+ may: - get the source code stolen by malicious websites - give the attacker access to functionalities that are not supposed to be exposed externally - Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behind `server.proxy` may have those functionalities. Chrome 94+ users are not affected for [3], because [sending a request to a private network page from public non-HTTPS page is forbidden](https://developer.chrome.com/blog/private-network-access-update#chrome_94) since Chrome 94. ### Related Information Safari has [a bug that blocks requests to loopback addresses from HTTPS origins](https://bugs.webkit.org/show_bug.cgi?id=171934). This means when the user is using Safari and Vite is listening on lookback addresses, there's another condition of "the malicious web page is served on HTTP" to make [1] and [2] to work. ### PoC #### [2]: Lack of validation on the Origin header for WebSocket connections 1. I used the `react` template which utilizes HMR functionality. ``` npm create vite@latest my-vue-app-react -- --template react ``` 2. Then on a malicious server, serve the following POC html: ```html vite CSWSH
``` 3. Kick off Vite ``` npm run dev ``` 4. Load the development server (open `http://localhost:5173/`) as well as the malicious page in the browser. 5. Edit `src/App.jsx` file and intentionally place a syntax error 6. Notice how the malicious page can view the websocket messages and a snippet of the source code is exposed Here's a video demonstrating the POC: https://github.com/user-attachments/assets/a4ad05cd-0b34-461c-9ff6-d7c8663d6961 --- ### Release Notes
vitejs/vite (vite) ### [`v5.4.12`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.12) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.11...v5.4.12) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.12/packages/vite/CHANGELOG.md) for details. ### [`v5.4.11`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.11) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.10...v5.4.11) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.11/packages/vite/CHANGELOG.md) for details. ### [`v5.4.10`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.10) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.9...v5.4.10) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.10/packages/vite/CHANGELOG.md) for details. ### [`v5.4.9`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.9) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.8...v5.4.9) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.9/packages/vite/CHANGELOG.md) for details.
--- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/redwoodjs/redwood). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Tobbe Lundberg --- packages/ogimage-gen/package.json | 2 +- packages/storybook/package.json | 2 +- packages/vite/package.json | 2 +- yarn.lock | 14 +++++++------- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/packages/ogimage-gen/package.json b/packages/ogimage-gen/package.json index 997af30f766e..2bdd60c35546 100644 --- a/packages/ogimage-gen/package.json +++ b/packages/ogimage-gen/package.json @@ -55,7 +55,7 @@ "ts-toolbelt": "9.6.0", "tsx": "4.19.2", "typescript": "5.6.2", - "vite": "5.4.8", + "vite": "5.4.12", "vitest": "2.0.5" }, "gitHead": "3905ed045508b861b495f8d5630d76c7a157d8f1" diff --git a/packages/storybook/package.json b/packages/storybook/package.json index 91fe0a5fc242..143ec9cfa9f2 100644 --- a/packages/storybook/package.json +++ b/packages/storybook/package.json @@ -62,7 +62,7 @@ "@types/node": "20.17.10", "tsx": "4.19.2", "typescript": "5.6.2", - "vite": "5.4.8" + "vite": "5.4.12" }, "peerDependencies": { "@redwoodjs/project-config": "workspace:*", diff --git a/packages/vite/package.json b/packages/vite/package.json index 0ccfac7cf548..a8172abc417d 100644 --- a/packages/vite/package.json +++ b/packages/vite/package.json @@ -85,7 +85,7 @@ "react": "19.0.0-rc-f2df5694-20240916", "react-server-dom-webpack": "19.0.0-rc-f2df5694-20240916", "rimraf": "6.0.1", - "vite": "5.4.8", + "vite": "5.4.12", "vite-plugin-cjs-interop": "2.1.4", "vite-plugin-node-polyfills": "0.22.0", "ws": "8.18.0", diff --git a/yarn.lock b/yarn.lock index 03a6e31e3d4b..f66c40fd0db9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8653,7 +8653,7 @@ __metadata: ts-toolbelt: "npm:9.6.0" tsx: "npm:4.19.2" typescript: "npm:5.6.2" - vite: "npm:5.4.8" + vite: "npm:5.4.12" vitest: "npm:2.0.5" languageName: unknown linkType: soft @@ -8978,7 +8978,7 @@ __metadata: rollup: "npm:4.24.0" tsx: "npm:4.19.2" typescript: "npm:5.6.2" - vite: "npm:5.4.8" + vite: "npm:5.4.12" vite-plugin-cjs-interop: "npm:2.1.4" vite-plugin-node-polyfills: "npm:0.22.0" vitest: "npm:2.0.5" @@ -27896,7 +27896,7 @@ __metadata: tsx: "npm:4.19.2" typescript: "npm:5.6.2" unplugin-auto-import: "npm:0.18.3" - vite: "npm:5.4.8" + vite: "npm:5.4.12" peerDependencies: "@redwoodjs/project-config": "workspace:*" "@redwoodjs/router": "workspace:*" @@ -29943,9 +29943,9 @@ __metadata: languageName: node linkType: hard -"vite@npm:5.4.8, vite@npm:^5.0.0": - version: 5.4.8 - resolution: "vite@npm:5.4.8" +"vite@npm:5.4.12, vite@npm:^5.0.0": + version: 5.4.12 + resolution: "vite@npm:5.4.12" dependencies: esbuild: "npm:^0.21.3" fsevents: "npm:~2.3.3" @@ -29982,7 +29982,7 @@ __metadata: optional: true bin: vite: bin/vite.js - checksum: 10c0/af70af6d6316a3af71f44ebe3ab343bd66450d4157af73af3b32239e1b6ec43ff6f651d7cc4193b21ed3bff2e9356a3de9e96aee53857f39922e4a2d9fad75a1 + checksum: 10c0/a0f130e3e0c781f54c60ee4b7cccf92c266e4117be1f65ab55c02abc27b29fa70dc0ed05eca54a9983f76450063a47f86db06ac49f28ee96392a0dc362b17da8 languageName: node linkType: hard From 0a4e62c25b68adf369496a86312342d16c8290f9 Mon Sep 17 00:00:00 2001 From: Tobbe Lundberg Date: Fri, 24 Jan 2025 16:21:47 +0100 Subject: [PATCH 6/6] chore(test-project): Switch tui-tasks to TypeScript (#11926) --- tasks/test-project/codemods/models.js | 14 ++--- .../rebuild-fragments-test-project-fixture.ts | 14 ++--- .../rebuild-test-project-fixture.ts | 14 ++--- tasks/test-project/tasks.js | 1 - .../{tui-tasks.js => tui-tasks.ts} | 61 +++++++++---------- tasks/test-project/typing.ts | 14 +++++ tasks/tsconfig.json | 3 +- 7 files changed, 65 insertions(+), 56 deletions(-) rename tasks/test-project/{tui-tasks.js => tui-tasks.ts} (96%) diff --git a/tasks/test-project/codemods/models.js b/tasks/test-project/codemods/models.js index 46bb8ea12b4c..92dcfaba5005 100644 --- a/tasks/test-project/codemods/models.js +++ b/tasks/test-project/codemods/models.js @@ -1,6 +1,4 @@ -/* eslint-env node, es6*/ - -const post = `model Post { +export const post = `model Post { id Int @id @default(autoincrement()) title String body String @@ -9,7 +7,7 @@ const post = `model Post { createdAt DateTime @default(now()) }` -const contact = `model Contact { +export const contact = `model Contact { id Int @id @default(autoincrement()) name String email String @@ -17,7 +15,7 @@ const contact = `model Contact { createdAt DateTime @default(now()) }` -const user = `model User { +export const user = `model User { id Int @id @default(autoincrement()) email String @unique hashedPassword String @@ -29,7 +27,7 @@ const user = `model User { posts Post[] }` -const produce = `model Produce { +export const produce = `model Produce { id String @id @default(cuid()) name String @unique quantity Int @@ -48,11 +46,9 @@ const produce = `model Produce { stallId String }` -const stall = `model Stall { +export const stall = `model Stall { id String @id @default(cuid()) name String stallNumber String @unique produce Produce[] }` - -module.exports = { post, contact, user, produce, stall } diff --git a/tasks/test-project/rebuild-fragments-test-project-fixture.ts b/tasks/test-project/rebuild-fragments-test-project-fixture.ts index 939161fc32fc..920e9373e648 100755 --- a/tasks/test-project/rebuild-fragments-test-project-fixture.ts +++ b/tasks/test-project/rebuild-fragments-test-project-fixture.ts @@ -15,7 +15,7 @@ import { copyFrameworkPackages, } from './frameworkLinking' import { webTasks, apiTasks, fragmentsTasks } from './tui-tasks' -import { isAwaitable } from './typing' +import { isAwaitable, isTuiError } from './typing' import type { TuiTaskDef } from './typing' import { getExecaOptions as utilGetExecaOptions, @@ -140,13 +140,16 @@ async function tuiTask({ step, title, content, task, parent }: TuiTaskDef) { 'stdout:\n' + e.stdout + '\n\n' + 'stderr:\n' + e.stderr, ) } else { + const message = isTuiError(e) ? e.message : '' + tui.displayError( 'Failed ' + title.toLowerCase().replace('...', ''), - e.message, + message || '', ) } - process.exit(e.exitCode) + const exitCode = isTuiError(e) ? e.exitCode : undefined + process.exit(exitCode) } if (isAwaitable(promise)) { @@ -197,11 +200,8 @@ async function tuiTask({ step, title, content, task, parent }: TuiTaskDef) { /** * Function that returns a string to show when skipping the task, or just * true|false to indicate whether the task should be skipped or not. - * - * @param {string} startStep - * @param {string} currentStep */ -function skipFn(startStep, currentStep) { +function skipFn(startStep: string, currentStep: string) { const startStepNrs = startStep.split('.').map((s) => parseInt(s, 10)) const currentStepNrs = currentStep.split('.').map((s) => parseInt(s, 10)) diff --git a/tasks/test-project/rebuild-test-project-fixture.ts b/tasks/test-project/rebuild-test-project-fixture.ts index b7e66f932ea8..37157f6dc857 100755 --- a/tasks/test-project/rebuild-test-project-fixture.ts +++ b/tasks/test-project/rebuild-test-project-fixture.ts @@ -15,7 +15,7 @@ import { copyFrameworkPackages, } from './frameworkLinking' import { webTasks, apiTasks } from './tui-tasks' -import { isAwaitable } from './typing' +import { isAwaitable, isTuiError } from './typing' import type { TuiTaskDef } from './typing' import { getExecaOptions as utilGetExecaOptions, @@ -140,13 +140,16 @@ async function tuiTask({ step, title, content, task, parent }: TuiTaskDef) { 'stdout:\n' + e.stdout + '\n\n' + 'stderr:\n' + e.stderr, ) } else { + const message = isTuiError(e) ? e.message : '' + tui.displayError( 'Failed ' + title.toLowerCase().replace('...', ''), - e.message, + message || '', ) } - process.exit(e.exitCode) + const exitCode = isTuiError(e) ? e.exitCode : undefined + process.exit(exitCode) } if (isAwaitable(promise)) { @@ -197,11 +200,8 @@ async function tuiTask({ step, title, content, task, parent }: TuiTaskDef) { /** * Function that returns a string to show when skipping the task, or just * true|false to indicate whether the task should be skipped or not. - * - * @param {string} startStep - * @param {string} currentStep */ -function skipFn(startStep, currentStep) { +function skipFn(startStep: string, currentStep: string) { const startStepNrs = startStep.split('.').map((s) => parseInt(s, 10)) const currentStepNrs = currentStep.split('.').map((s) => parseInt(s, 10)) diff --git a/tasks/test-project/tasks.js b/tasks/test-project/tasks.js index 77c995ed7529..b708c0e67cde 100644 --- a/tasks/test-project/tasks.js +++ b/tasks/test-project/tasks.js @@ -388,7 +388,6 @@ async function apiTasks(outputPath, { verbose, linkWithLatestFwBuild }) { await execa( 'yarn rw g dbAuth --no-webauthn --username-label=username --password-label=password', [], - execaOptions, ) // update directive in contacts.sdl.ts diff --git a/tasks/test-project/tui-tasks.js b/tasks/test-project/tui-tasks.ts similarity index 96% rename from tasks/test-project/tui-tasks.js rename to tasks/test-project/tui-tasks.ts index e3354ea4a550..5e6aaffbdf0f 100644 --- a/tasks/test-project/tui-tasks.js +++ b/tasks/test-project/tui-tasks.ts @@ -1,7 +1,11 @@ /* eslint-env node, es2021*/ -//@ts-check -const fs = require('fs') -const path = require('path') + +import fs from 'node:fs' +import path from 'node:path' + +import type { Options as ExecaOptions, ExecaChildProcess } from 'execa' + +import type { TuiTaskList } from './typing.js' const { getExecaOptions: utilGetExecaOptions, @@ -10,18 +14,17 @@ const { exec, } = require('./util') -/** @type {(string) => import('execa').Options} */ -function getExecaOptions(cwd) { +function getExecaOptions(cwd: string): ExecaOptions { return { ...utilGetExecaOptions(cwd), stdio: 'pipe' } } // This variable gets used in other functions // and is set when webTasks or apiTasks are called -let OUTPUT_PATH +let OUTPUT_PATH: string const RW_FRAMEWORK_PATH = path.join(__dirname, '../../') -function fullPath(name, { addExtension } = { addExtension: true }) { +function fullPath(name: string, { addExtension } = { addExtension: true }) { if (addExtension) { if (name.startsWith('api')) { name += '.ts' @@ -34,7 +37,7 @@ function fullPath(name, { addExtension } = { addExtension: true }) { } // TODO: Import from ./util.js when everything is using @rwjs/tui -async function applyCodemod(codemod, target) { +async function applyCodemod(codemod: string, target: string) { const args = [ '--fail-on-error', '-t', @@ -56,14 +59,14 @@ async function applyCodemod(codemod, target) { } /** - * @param {string} cmd The command to run - * @returns {((positionalArguments: string | string[]) => import('execa').ExecaChildProcess) - * & (() => import('execa').ExecaChildProcess)} + * @param cmd The command to run */ -const createBuilder = (cmd) => { +function createBuilder(cmd: string) { const execaOptions = getExecaOptions(OUTPUT_PATH) - return function (positionalArguments) { + return function ( + positionalArguments?: string | string[], + ): ExecaChildProcess { const subprocess = exec( cmd, Array.isArray(positionalArguments) @@ -76,7 +79,10 @@ const createBuilder = (cmd) => { } } -async function webTasks(outputPath, { linkWithLatestFwBuild }) { +export async function webTasks( + outputPath: string, + { linkWithLatestFwBuild }: { linkWithLatestFwBuild: boolean }, +) { OUTPUT_PATH = outputPath const execaOptions = getExecaOptions(outputPath) @@ -84,8 +90,7 @@ async function webTasks(outputPath, { linkWithLatestFwBuild }) { const createPages = async () => { const createPage = createBuilder('yarn redwood g page') - /** @type import('./typing').TuiTaskList */ - const tuiTaskList = [ + const tuiTaskList: TuiTaskList = [ { title: 'Creating home page', task: async () => { @@ -317,8 +322,7 @@ async function webTasks(outputPath, { linkWithLatestFwBuild }) { ) } - /** @type import('./typing').TuiTaskList */ - const tuiTaskList = [ + const tuiTaskList: TuiTaskList = [ { title: 'Creating pages', task: () => createPages(), @@ -389,7 +393,7 @@ async function webTasks(outputPath, { linkWithLatestFwBuild }) { return tuiTaskList } -async function addModel(schema) { +async function addModel(schema: string) { const path = `${OUTPUT_PATH}/api/db/schema.prisma` const current = fs.readFileSync(path, 'utf-8') @@ -397,7 +401,10 @@ async function addModel(schema) { fs.writeFileSync(path, `${current.trim()}\n\n${schema}\n`) } -async function apiTasks(outputPath, { linkWithLatestFwBuild }) { +export async function apiTasks( + outputPath: string, + { linkWithLatestFwBuild }: { linkWithLatestFwBuild: boolean }, +) { OUTPUT_PATH = outputPath const execaOptions = getExecaOptions(outputPath) @@ -714,8 +721,7 @@ export default DoublePage` const generateScaffold = createBuilder('yarn rw g scaffold') - /** @type import('./typing').TuiTaskList */ - const tuiTaskList = [ + const tuiTaskList: TuiTaskList = [ { title: 'Adding post and user model to prisma', task: async () => { @@ -917,11 +923,10 @@ export default DoublePage` * Tasks to add GraphQL Fragments support to the test-project, and some queries * to test fragments */ -async function fragmentsTasks(outputPath) { +export async function fragmentsTasks(outputPath: string) { OUTPUT_PATH = outputPath - /** @type import('./typing').TuiTaskList */ - const tuiTaskList = [ + const tuiTaskList: TuiTaskList = [ { title: 'Enable fragments', task: async () => { @@ -1029,9 +1034,3 @@ async function fragmentsTasks(outputPath) { return tuiTaskList } - -module.exports = { - apiTasks, - webTasks, - fragmentsTasks, -} diff --git a/tasks/test-project/typing.ts b/tasks/test-project/typing.ts index d4b15fb30e89..24d1beced795 100644 --- a/tasks/test-project/typing.ts +++ b/tasks/test-project/typing.ts @@ -16,6 +16,14 @@ export interface TuiTaskDef { task: () => Promise | void } +interface TuiTaskListItem { + title: string + enabled?: boolean | (() => boolean) + task: () => Promise | void +} + +export type TuiTaskList = TuiTaskListItem[] + export function isAwaitable(promise: unknown): promise is Promise { return ( !!promise && @@ -24,3 +32,9 @@ export function isAwaitable(promise: unknown): promise is Promise { typeof promise.then === 'function' ) } + +export function isTuiError( + error: unknown, +): error is { message?: string; exitCode?: number } { + return error instanceof Object +} diff --git a/tasks/tsconfig.json b/tasks/tsconfig.json index 8598869e8c39..c42ff9ecd056 100644 --- a/tasks/tsconfig.json +++ b/tasks/tsconfig.json @@ -2,6 +2,7 @@ "extends": "../tsconfig.compilerOption.json", "compilerOptions": { "moduleResolution": "NodeNext", - "module": "NodeNext" + "module": "NodeNext", + "allowJs": true } }