-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix cpy vulnerabilities #18471
Fix cpy vulnerabilities #18471
Conversation
☁️ Nx Cloud ReportCI is running/has finished running commands for commit 845a3e3. As they complete they will appear below. Click to see the status, the terminal output, and the build insights. 📂 See all runs for this branch ✅ Successfully ran 1 targetSent with 💌 from NxCloud. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kevcube thanks for the PR! Unfortunately it's breaking the build since it's pure ESM but being imported in a CJS file.
I think you can get around this via an asynchronous import, something like:
const copy = await import('cpy');
await cpy(defaultFavIcon, options.outputDir);
Can you please give that a try in all the places cpy
is used in the code (I believe they are all async context). Thanks!
@shilman fixed the tests! The import statement was correct, which was confusing me. It ended up being something with promise resolution. |
@shilman I was wrong about fixing the tests, I just got past the one error that was blocking me. When using async import, typescript gives me this error:
|
@kevcube you can't import it at the top of the file, you should import it inside the async function where it's used. can you give that a try? pretty sure it will work. |
@shilman its not working, I've gotten the dynamic import working inside the file, but the tests still aren't passing and I'm not sure why - I've tried a lot of changes with the tsconfig trying to get it to compile to an import rather than a require.. but no dice |
@kevcube OK i'll give it a try and will report back. Thanks!!! |
@shilman yeah, the error in the build is the same error I was getting locally. I tried a lot of things to fix but couldn't figure it out. Any ideas? |
Issue: cpy 8 has npm audit vulnerabilities
What I did
upgrade to cpy 9.0.1
use
flatten: true
in places where one file is being copiedremove
parents: true
because that's the new default behaviorHow to test
If your answer is yes to any of these, please make sure to include it in your PR.