Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Remove Typeform vulnerable dependencies [EXT-5806] #8954

Merged
merged 23 commits into from
Sep 25, 2024
Merged

chore: Remove Typeform vulnerable dependencies [EXT-5806] #8954

merged 23 commits into from
Sep 25, 2024

Conversation

sarahlessner
Copy link
Contributor

Purpose

Replaces react-scripts with vite, remove emotion old library, remove old forma libraries

@netlify Netlify
Copy link

netlify bot commented Sep 24, 2024
edited
Loading

Deploy Preview for ecommerce-app-base-components canceled.

Name Link
🔨 Latest commit 443ec46
🔍 Latest deploy log https://app.netlify.com/sites/ecommerce-app-base-components/deploys/66f466600620a00008e14e26

@sarahlessner sarahlessner force-pushed the chore/typeform-remove-react-scripts-emotion-forma36-EXT-5806 branch from add698a to 4ac717e Compare September 24, 2024 20:51
@sarahlessner sarahlessner marked this pull request as ready for review September 24, 2024 20:55
@sarahlessner sarahlessner requested a review from a team as a code owner September 24, 2024 20:55
@mgoudy91 mgoudy91 force-pushed the chore/typeform-remove-react-scripts-emotion-forma36-EXT-5806 branch from 765947e to b338107 Compare September 25, 2024 15:54
@wiz-inc-38d59fb8d7
Copy link

wiz-inc-38d59fb8d7 bot commented Sep 25, 2024
edited
Loading

Wiz Scan Summary

Scan Module Critical High Medium Low Info Total
IaC Misconfigurations 0 0 0 0 0 0
Vulnerabilities 0 1 0 0 0 1
Sensitive Data 0 0 0 0 0 0
Secrets 0 0 0 0 0 0
Total 0 1 0 0 0 1

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

mgoudy91
mgoudy91 reviewed Sep 25, 2024
View reviewed changes
apps/typeform/frontend/src/Auth/TypeformOAuth.tsx
import { BASE_URL, CLIENT_ID } from '../constants';

interface Props {
sdk?: AppExtensionSDK;
expireSoon?: boolean;
isFullWidth: boolean;
buttonType?: 'primary' | 'positive' | 'negative' | 'muted' | 'naked' | undefined;
buttonType?: 'primary' | 'positive' | 'negative' | 'secondary' | 'transparent' | undefined;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

mgoudy91
mgoudy91 reviewed Sep 25, 2024
View reviewed changes
apps/typeform/frontend/src/constants.ts Outdated
@@ -2,6 +2,6 @@ const SDK_WINDOW_HEIGHT = 450;
const BASE_URL = 'https://api.typeform.com';

// TODO Move to env var
const CLIENT_ID = 'HC3UDnoiaP1UCMqJ7kCAyTFdHrDt8nLtXx4BKRJxom2M';
const CLIENT_ID = '2vyzzT2AjqrtfWKmaigvZjF8oYwUXrJABmcS5WK4MPJg';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this intentional?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks actually I should move that back. There's some weird stuff in the instructions where this client ID is pointed to the prodcution app. but why is it just hardcoded like this in the first place? haha there's a TODO around moving stuff to env variables which seems like we should do that eventually but didn't yet. I'd also like to test this one better on staging before merging so let's chat about that later too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed that back and ready for rereview @mgoudy91

mgoudy91
mgoudy91 approved these changes Sep 25, 2024
View reviewed changes
Copy link
Contributor

@mgoudy91 mgoudy91 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, qq on the client id

@sarahlessner
undo change to constants
2a8dcac
@sarahlessner
Merge branch 'chore/typeform-remove-react-scripts-emotion-forma36-EXT…
58bf903 
…-5806' of github.com:contentful/apps into chore/typeform-remove-react-scripts-emotion-forma36-EXT-5806
@sarahlessner
undo change to constants
2b3d724
@sarahlessner sarahlessner enabled auto-merge (squash) September 25, 2024 19:38
@sarahlessner sarahlessner merged commit 8e106fd into master Sep 25, 2024
16 checks passed
@sarahlessner sarahlessner deleted the chore/typeform-remove-react-scripts-emotion-forma36-EXT-5806 branch September 25, 2024 19:39
david-shibley-contentful pushed a commit that referenced this pull request Sep 25, 2024
@sarahlessner @david-shibley-contentful
chore: Remove Typeform vulnerable dependencies [EXT-5806] (#8954)
ba30bab 
* replace react scripts with vite

* updates jest with vi in tests

* updates emotion

* wip forma changes

* wip forma changes

* tests passing

* update config

* remove console logs

* remove console logs

* replace react scripts with vite

* updates jest with vi in tests

* updates emotion

* wip forma changes

* wip forma changes

* tests passing

* update config

* remove console logs

* remove console logs

* undo change to constants

* undo change to constants
sarahlessner added a commit that referenced this pull request Sep 26, 2024
@sarahlessner
Revert "chore: Remove Typeform vulnerable dependencies [EXT-5806] (#8954
a163867 
)"

This reverts commit 8e106fd.
@sarahlessner sarahlessner mentioned this pull request Sep 26, 2024
Merged
sarahlessner added a commit that referenced this pull request Sep 26, 2024
@sarahlessner
Revert "chore: Remove Typeform vulnerable dependencies [EXT-5806] (#8954
a7239b9 
)" (#8979)

This reverts commit 8e106fd.
@sarahlessner sarahlessner restored the chore/typeform-remove-react-scripts-emotion-forma36-EXT-5806 branch September 27, 2024 20:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mgoudy91 mgoudy91 mgoudy91 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sarahlessner @mgoudy91