Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: 🐛 fix proposal submit issue #11107

Merged
merged 10 commits into from
Jan 7, 2025
Merged

fix: 🐛 fix proposal submit issue #11107

merged 10 commits into from
Jan 7, 2025

Conversation

chef-ryan
Copy link
Contributor

@chef-ryan chef-ryan commented Jan 3, 2025


PR-Codex overview

This PR focuses on enhancing the CreateProposal component in the voting system by integrating react-hook-form for form management, adding new translations, and improving the handling of proposal submissions.

Detailed summary

  • Added react-hook-form for form management in CreateProposal.
  • Introduced new translations in translations.json.
  • Added spaceAtom for managing space data.
  • Enhanced error handling for form submissions.
  • Updated date and time handling for proposal start and end.
  • Improved voting power display with tooltips.
  • Wrapped CreateProposal in a suspense component for better loading UX.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Copy link

changeset-bot bot commented Jan 3, 2025

⚠️ No Changeset found

Latest commit: bb68a0b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copy link

vercel bot commented Jan 3, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
aptos-web ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 7, 2025 9:28am
blog ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 7, 2025 9:28am
bridge ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 7, 2025 9:28am
games ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 7, 2025 9:28am
gamification ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 7, 2025 9:28am
uikit ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 7, 2025 9:28am
web ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 7, 2025 9:28am
1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
ton ⬜️ Skipped (Inspect) Jan 7, 2025 9:28am

Copy link

socket-security bot commented Jan 6, 2025

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/[email protected] environment 0 1.03 MB vercel-release-bot
npm/[email protected] filesystem 0 95.7 kB aleclarson
npm/[email protected] environment, network 0 141 kB lpinca

View full report↗︎

Copy link

socket-security bot commented Jan 6, 2025

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
High CVE npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Filesystem access npm/[email protected] 🚫
High CVE npm/[email protected] 🚫
Filesystem access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Filesystem access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫
Environment variable access npm/[email protected] 🚫

View full report↗︎

Next steps

What is a CVE?

Contains a high severity Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

What is environment variable access?

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to.

What is filesystem access?

Accesses the file system, and could potentially read sensitive data.

If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@chef-ryan chef-ryan force-pushed the fix/proposal-submit branch from 0db0e3e to 8346471 Compare January 7, 2025 08:58
pnpm-lock.yaml Outdated
@@ -15353,7 +15389,7 @@ packages:
engines: {node: '>=2.0.0'}

[email protected]:
resolution: {integrity: sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==}
resolution: {integrity: sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==, tarball: https://registry.npmmirror.com/statuses/-/statuses-1.5.0.tgz}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets remove the tarball field, it might cause conflicts depending on the which local machine creates/updates the pnpm lock file

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed ,but why babel/core changed?

Copy link
Collaborator

@memoyil memoyil Jan 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you revert lock file to develop and re-run the install? In my local it doesnt get changed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeal.. i reverted and prune the cache.. stil this

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did you run clean? babel core dev deps assertion comes from hooks and uikit packages

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is ok, there was an issue related to theme switch related babel core version sometimes but preview looks ok. it can be merged

@chef-ryan chef-ryan merged commit 59903f9 into develop Jan 7, 2025
19 of 20 checks passed
@chef-ryan chef-ryan deleted the fix/proposal-submit branch January 7, 2025 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants