Skip to content

chore: fix xml2js override#12172

Merged
dummdidumm merged 2 commits intomainfrom
fix-xml2js-override
Jun 25, 2024
Merged

chore: fix xml2js override#12172
dummdidumm merged 2 commits intomainfrom
fix-xml2js-override

Conversation

@Conduitry
Copy link
Copy Markdown
Member

@Conduitry Conduitry commented Jun 24, 2024

#10133 didn't actually work. If you look at the lockfile (and at the diff in that PR), we're still on the old version of xml2js. jimp>xml2js only overrides xml2js as a direct dependency of jimp, and it's not a direct dependency. Rather than specifying a precise but correct selector, I'd instead opted to just include a general one and override this dependency generally.

Svelte 5 rewrite

Please note that the Svelte codebase is currently being rewritten for Svelte 5. Changes should target Svelte 5, which lives on the default branch (main).

If your PR concerns Svelte 4 (including updates to svelte.dev.docs), please ensure the base branch is svelte-4 and not main.

Before submitting the PR, please make sure you do the following

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • Prefix your PR title with feat:, fix:, chore:, or docs:.
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests and linting

  • Run the tests with pnpm test and lint the project with pnpm lint

@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Jun 24, 2024

⚠️ No Changeset found

Latest commit: 14374aa

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@Conduitry
Copy link
Copy Markdown
Member Author

Conduitry commented Jun 24, 2024

Relatedly: I don't know why https://github.com/sveltejs/svelte/security/dependabot/25 was seen as resolved by #11637. Maybe dependabot couldn't parse the new lockfile format and gave up?

@Conduitry Conduitry changed the title chore: fix xml2js overridde chore: fix xml2js override Jun 24, 2024
@dummdidumm dummdidumm merged commit 8910fe1 into main Jun 25, 2024
@dummdidumm dummdidumm deleted the fix-xml2js-override branch June 25, 2024 12:56
FoHoOV pushed a commit to FoHoOV/svelte that referenced this pull request Jun 27, 2024
@Conduitry @FoHoOV
chore: fix xml2js override (sveltejs#12172)
f5b4ec9 
* apply proper xml2js override

* update lockfile
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dummdidumm dummdidumm dummdidumm approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Conduitry @dummdidumm