Skip to content
This repository has been archived by the owner on May 16, 2024. It is now read-only.

Fix: Make sure that expect matches the runtime type when instrumented #34

Merged
merged 2 commits into from
Aug 17, 2023
Merged

Fix: Make sure that expect matches the runtime type when instrumented #34

merged 2 commits into from
Aug 17, 2023

Conversation

kasperpeulen
Copy link
Collaborator

@kasperpeulen kasperpeulen commented Aug 16, 2023
edited by github-actions bot
Loading

Closes #32

Change Type

Indicate the type of change your pull request is:

  • maintenance
  • documentation
  • patch
  • minor
  • major

This is a fix, but also in some sense a breaking change...

📦 Published PR as canary version: 0.2.0--canary.34.b637a39.0

✨ Test out this PR locally via:

npm install @storybook/[email protected]
# or 
yarn add @storybook/[email protected]

Version

Published prerelease version: v0.2.0-next.0

Changelog

🎉 This release contains work from new contributors! 🎉

Thanks for all your work!

❤️ Kasper Peulen (@kasperpeulen)

❤️ Homa Wong (@unional)

❤️ Valentin Palkovic (@valentinpalkovic)

❤️ Michael Shilman (@shilman)

❤️ Norbert de Langen (@ndelangen)

❤️ Vanessa Yuen (@vanessayuenn)

Release Notes

Prebundle @storybook/instrumenter package (#27)

This change bundles the @storybook/instrumenter package which fixes dependency conflicts in certain scenarios. It shouldn't impact the functionality of the package itself, but let us know if you experience any issues!

🚀 Enhancement

🐛 Bug Fix

⚠️ Pushed to next

📝 Documentation

Authors: 8

@kasperpeulen kasperpeulen requested a review from yannbf as a code owner August 16, 2023 15:46
@socket-security
Copy link

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
@types/jest 28.1.3 eval +7 606 kB types
prettier 2.8.8 filesystem, environment +0 11.2 MB prettier-bot

@socket-security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue Package Version Note Source
Uses eval @sinclair/typebox 0.24.51

Next steps

What is eval?

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

@yannbf yannbf added the minor Increment the minor version when merged label Aug 16, 2023
yannbf
yannbf approved these changes Aug 16, 2023
View reviewed changes
Copy link
Member

@yannbf yannbf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is amazing! ❤️

IanVS
IanVS reviewed Aug 16, 2023
View reviewed changes
package.json
@@ -34,6 +35,7 @@
"auto": "^10.37.6",
"util": "^0.12.5",
"expect": "^27.3.1",
"prettier": "^2.8.8",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems unrelated to the other changes here, was it intentional?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, yeah, I couldn't format my changes! I guess it is okay, to add it.

@kasperpeulen kasperpeulen merged commit b5f7378 into next Aug 17, 2023
@kasperpeulen kasperpeulen deleted the kasper/promisify-expect branch August 17, 2023 08:15
@github-actions github-actions bot added the prerelease This change is available in a prerelease. label Aug 17, 2023
@yannbf yannbf mentioned this pull request Aug 17, 2023
Merged
5 tasks
@github-actions
Copy link

🚀 PR was released in v0.2.0 🚀

@github-actions github-actions bot added released This issue/pull request has been released. and removed prerelease This change is available in a prerelease. labels Aug 17, 2023
@kasperpeulen kasperpeulen mentioned this pull request Aug 21, 2023
Closed
@bryan-codaio bryan-codaio mentioned this pull request Nov 17, 2023
Closed
@rhannachi rhannachi mentioned this pull request Sep 8, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@IanVS IanVS IanVS left review comments

@yannbf yannbf yannbf approved these changes

Assignees
No one assigned
Labels
minor Increment the minor version when merged released This issue/pull request has been released.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[bug] expect is not a promise
3 participants
@kasperpeulen @yannbf @IanVS