-
-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update collection2 #5253
base: main
Are you sure you want to change the base?
Update collection2 #5253
Conversation
Update collection2 to v3.5 and all related packages and schemas
As a side-effect other packages were also updated. If tests start failing then I will try to force them back. |
New dependencies detected. Learn more about Socket for GitHub ↗︎
|
The server tests run fine. Having some issues with running the client tests. Doesn't seem though that |
With these changes, at browser inspect console, I get these warnings/errors, when I register, login and try to create new board:
|
Yes, tests at I have also removed eslint, prettier, etc that just cause additional too many changes. |
As this came up on a merged branch as well, I'm sure the mutation event vs observer warning is not part of these works, but represents a vendor dependency which has moved in slab/quill#2030 (after some digging into links) points to |
Also maybe of interest is that the quill eventual fix, was to silence the warning / error. |
Figured out the schema issue. Will review the changes and fix things up. |
@xet7 fixed now. |
Got stuck on sign-up due to the after action throwing errors due to undefined objects.
I will try to find some more time to do more testing and fixing. |
Did few more fixes, but had a different error locally than you. |
When I do this:
|
I added this PR and |
@xet7 feel free to push into this branch. |
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
I will try to push to the new simple-schema Meteor package next time. Hopefully that is going to help. |
Update collection2 to v3.5 and all related packages and schemas. It was way outdated.
Also added few Mongo imports and updated one createIndex while at it.