Logan/eng 469 fix tinacms dependency vulnerabilities

[logan-anderson]

Updates deps to remove vulnerabilities.

One known issue.

When updating next I get this warning

warn  - ../../node_modules/.pnpm/node-fetch@2.6.7/node_modules/node-fetch/lib/index.js
Module not found: Can't resolve 'encoding' in '/Users/logananderson-forestry-mac/dev/tinacms/tinacms/node_modules/.pnpm/node-fetch@2.6.7/node_modules/node-fetch/lib'

It does not seem to effect anything.

[linear]

ENG-469 Fix tinacms dependency vulnerabilities

A user in Discord pointed out we have some dependency vulnerabilities:
https://discord.com/channels/835168149439643678/1006697414213767288/1006701434793885826

https://github.com/tinacms/tinacms/security/dependabot?page=1&q=is%3Aopen
This shows up on a banner on the repo as well.

Screen Shot 2022-08-10 at 8.40.51 AM.png

[changeset-bot]

🦋 Changeset detected

Latest commit: a14bdc4

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 13 packages

Name	Type
@tinacms/auth	Patch
@tinacms/graphql	Patch
@tinacms/toolkit	Patch
create-tina-app	Patch
next-tinacms-cloudinary	Patch
tinacms	Patch
@tinacms/starter	Patch
@tinacms/cli	Patch
@tinacms/app	Patch
starter-basic	Patch
starter-empty	Patch
kitchen-sink-starter	Patch
kitchen-sink	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

	Warnings
⚠️	packages/tinacms was modified but its README.md was not updated. Please check if any changes should be reflected in the documentation.
⚠️	packages/next-tinacms-cloudinary was modified but its README.md was not updated. Please check if any changes should be reflected in the documentation.
⚠️	packages/create-tina-app was modified but its README.md was not updated. Please check if any changes should be reflected in the documentation.
⚠️	packages/@tinacms/graphql was modified but its README.md was not updated. Please check if any changes should be reflected in the documentation.
⚠️	packages/@tinacms/cli was modified but its README.md was not updated. Please check if any changes should be reflected in the documentation.
⚠️	packages/@tinacms/auth was modified but its README.md was not updated. Please check if any changes should be reflected in the documentation.

Modified Packages

The following packages were modified by this pull request:

• @tinacms/auth
• @tinacms/cli
• @tinacms/graphql
• create-tina-app
• next-tinacms-cloudinary
• tinacms

Generated by 🚫 dangerJS against a14bdc4

[jeffsee55]

When updating next I get this warning

We should probably make sure we understand why that's happening. Might be related node-fetch/node-fetch#675.

[logan-anderson]

When updating next I get this warning

We should probably make sure we understand why that's happening. Might be related node-fetch/node-fetch#675.

@jeffsee55 I think that is the issue

[logan-anderson]

Some key things to review for the PR

• Local image uploads
• cloudinary image uploads
• General next.js stuff (does the site load, does getStaticProps work, any more warning messages or errors, etc)
• Editing a file, click save and see if the changed file is updated in the file system.
• Make sure svg's still load in tina-cloud-starter

[kldavis4]

@logan-anderson there are some conflicts with main - you want to resolve before we validate this?

[logan-anderson]

@logan-anderson there are some conflicts with main - you want to resolve before we validate this?

@kldavis4 I have update it. Good catch

[kldavis4]

@logan-anderson

when I run yarn build in tina-cloud-starter in the monorepo I get:

../../node_modules/.pnpm/cloudinary@1.30.0/node_modules/cloudinary/lib-es5/utils/index.js
Critical dependency: the request of a dependency is an expression

Import trace for requested module:
../../node_modules/.pnpm/cloudinary@1.30.0/node_modules/cloudinary/lib-es5/cloudinary.js
../../node_modules/.pnpm/cloudinary@1.30.0/node_modules/cloudinary/cloudinary.js
../../packages/next-tinacms-cloudinary/dist/handlers.js
./pages/api/cloudinary/[...media].tsx

../../node_modules/.pnpm/cloudinary@1.30.0/node_modules/cloudinary/lib/utils/index.js
Critical dependency: the request of a dependency is an expression

Import trace for requested module:
../../node_modules/.pnpm/cloudinary@1.30.0/node_modules/cloudinary/lib/cloudinary.js
../../node_modules/.pnpm/cloudinary@1.30.0/node_modules/cloudinary/cloudinary.js
../../packages/next-tinacms-cloudinary/dist/handlers.js
./pages/api/cloudinary/[...media].tsx

It looks like the build succeeds, so not sure if this is an issue. In the main branch, it fails completely

[kldavis4]

@logan-anderson

• local image uploads seem to be working normally in the tina-cloud-starter
• cloudinary image uploads don't seem to be currently testable due to: https://linear.app/tina/issue/ENG-485/cloudinary-not-working-in-tina-cloud-starter-in-monorepo
• nextjs stuff seems to be working normally
• editing a file works. Creating a new file wasn't testable due to: https://linear.app/tina/issue/ENG-484/create-document-in-tina-cloud-starter-monorepo-fails
• svgs seem to load as normal in the tina-cloud-starter

[kldavis4]

Everything in the validation list is now working for me.

@jamespohalloran do we need to make corresponding changes in the standalone tina-cloud-starter repo?

[jamespohalloran]

Everything in the validation list is now working for me.

@jamespohalloran do we need to make corresponding changes in the standalone tina-cloud-starter repo?

Yep I think all our starters will have to upgrade next, and tinacms once this is out