-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: 🐛 fix proposal submit issue #11107
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Skipped Deployment
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again. Next stepsWhat is a CVE?Contains a high severity Common Vulnerability and Exposure (CVE). Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. What is environment variable access?Package accesses environment variables, which may be a sign of credential stuffing or data theft. Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. What is filesystem access?Accesses the file system, and could potentially read sensitive data. If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
7c4a95c
to
8878ca2
Compare
0db0e3e
to
8346471
Compare
pnpm-lock.yaml
Outdated
@@ -15353,7 +15389,7 @@ packages: | |||
engines: {node: '>=2.0.0'} | |||
|
|||
[email protected]: | |||
resolution: {integrity: sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==} | |||
resolution: {integrity: sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==, tarball: https://registry.npmmirror.com/statuses/-/statuses-1.5.0.tgz} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lets remove the tarball field, it might cause conflicts depending on the which local machine creates/updates the pnpm lock file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed ,but why babel/core changed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you revert lock file to develop and re-run the install? In my local it doesnt get changed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeal.. i reverted and prune the cache.. stil this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
did you run clean? babel core dev deps assertion comes from hooks and uikit packages
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is ok, there was an issue related to theme switch related babel core version sometimes but preview looks ok. it can be merged
PR-Codex overview
This PR focuses on enhancing the
CreateProposal
component in the voting system by integratingreact-hook-form
for form management, adding new translations, and improving the handling of proposal submissions.Detailed summary
react-hook-form
for form management inCreateProposal
.translations.json
.spaceAtom
for managing space data.CreateProposal
in a suspense component for better loading UX.