-
Notifications
You must be signed in to change notification settings - Fork 800
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update minimum PNPM to 8.6.8 #33114
Update minimum PNPM to 8.6.8 #33114
Conversation
Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.
Interested in more tips and information?
|
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖 The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available. Once your PR is ready for review, check one last time that all required checks (other than "Required review") appearing at the bottom of this PR are passing or skipped. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works for me. I've been using versions up to 8.7.5 locally (as they've been released and I've noticed new versions available) and haven't seen any issues.
Same. I figure we could bump it up, but I didn't want to conflate the security impact (however small) with an unrelated set of updates. |
Pretty minor, but there's a fixed CVE associated with the version we're calling in for CI and the Docker build. We can bump to 8.7.* too, but scoped this to just resolving the CVE.
Stumbled upon it during a quick security audit.
https://nvd.nist.gov/vuln/detail/CVE-2023-37478
Proposed changes:
Other information:
Jetpack product discussion
n/a
Does this pull request change what data or activity we track or use?
n/a
Testing instructions: