Pin dependencies #3729

Merged
rmccar merged 6 commits into main from pin-dependencies
Sep 12, 2025
@rmccar (Contributor) commented Sep 9, 2025

What is the context of this PR?

Fixes: ONSDESYS-651

This PR pins all the JS dependencies after the recent issue with npm packages being compromised (https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised). This is to protect us from any issues if this happens again.

It also pins the dependencies that we use in the GitHub actions to the commit hash for similar reasons just to be sure.

How to review this PR

  • Spin up the DS and check that it still works as expected
  • Fork the repo and check that all GitHub actions still work as expected
  • Run npm ls on the main branch and make sure the versions listed match the ones in this PR

Checklist

This needs to be completed by the person raising the PR.

  • I have selected the correct Assignee
  • I have linked the correct Issue
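
The two pinning rules described in this PR (exact versions for JS dependencies, commit hashes for GitHub Actions) can be checked mechanically. The following is an added example, not code from this PR or the repository; the package names, action names and SHA in the samples are constructed, and `findUnpinnedDeps` and `findUnpinnedActions` are hypothetical helper names.

```javascript
// Added example: flag dependency specs that are not pinned.
// samplePkg and sampleWorkflow are constructed inputs, not the project's files.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const FULL_SHA = /^[0-9a-f]{40}$/;

// Return {section, name, spec} for every dependency that is not an exact version.
// Ranges (^, ~, >=), dist-tags ("latest") and URL/git specs are all reported.
function findUnpinnedDeps(pkg) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT_SEMVER.test(spec)) findings.push({ section, name, spec });
    }
  }
  return findings;
}

// Return {line, ref} for every `uses:` whose ref is not a 40-hex commit SHA.
// Local actions (./path) and docker:// references are out of scope here.
function findUnpinnedActions(workflowText) {
  const findings = [];
  workflowText.split('\n').forEach((raw, i) => {
    const m = raw.match(/^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)/);
    if (!m) return;
    const ref = m[1];
    if (ref.startsWith('./') || ref.startsWith('docker://')) return;
    const at = ref.lastIndexOf('@');
    const version = at === -1 ? '' : ref.slice(at + 1);
    if (!FULL_SHA.test(version)) findings.push({ line: i + 1, ref });
  });
  return findings;
}

const samplePkg = {
  dependencies: { 'example-a': '4.1.2', 'example-b': '^5.3.0' },
  devDependencies: { 'example-c': '~1.2.3', 'example-d': 'latest', 'example-e': '2.0.0-rc.1' },
};
const sampleWorkflow = [
  'jobs:',
  '  build:',
  '    steps:',
  '      - uses: example-org/checkout-action@v4',
  '      - uses: example-org/setup-action@0123456789abcdef0123456789abcdef01234567 # v4.0.0',
  '      - uses: ./.github/actions/local',
].join('\n');

console.log(findUnpinnedDeps(samplePkg));
console.log(findUnpinnedActions(sampleWorkflow));
```

Exact versions in `package.json` pin only direct dependencies; transitive versions are fixed by the lockfile when installs use `npm ci`.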

netlify bot commented Sep 9, 2025

Deploy Preview for ons-design-system-preview ready!

Name Link
🔨 Latest commit 07d1ae1
🔍 Latest deploy log https://app.netlify.com/projects/ons-design-system-preview/deploys/68c12fb6bd384f0008394355
😎 Deploy Preview https://deploy-preview-3729--ons-design-system-preview.netlify.app

@rmccar changed the title from "pin dependencies" to "Pin dependencies" Sep 9, 2025
@rmccar self-assigned this Sep 9, 2025
@rmccar added the Dependencies label (Pull requests that update a dependency file) Sep 9, 2025
@rmccar marked this pull request as ready for review September 9, 2025 17:41
@rmccar requested a review from a team as a code owner September 9, 2025 17:41
@rmccar merged commit 12b92c6 into main Sep 12, 2025
16 checks passed
@rmccar deleted the pin-dependencies branch September 12, 2025 10:01