Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: [#4797] Add recognizers-text packages as vendors #4818

Open
wants to merge 6 commits into
base: main
Choose a base branch
from

Conversation

sw-joelmut
Copy link
Collaborator

Fixes #4797

Description

This PR adds the recognizers-text package as a vendor dependency for BotBuilder libraries.
To achieve this behavior, we compiled the recongizers-text with 1.1.4 version, updated vulnerable dependencies, and add it as a workspace, so they are connected with BotBuilder libraries.
When publishing BotBuilder packages to npm, we created a script that copies all recognizers-text packages related to a specific BotBuilder library, installing related dependencies, and updating compiled code with the copied references.
The script will be executed post updating versions script.

Important

All recognizers-text packages under botbuilder-vendors/vendors have been compiled with tsup, reduced their package.json information, and changed the require statements to match local vendors.

Specific Changes

  • Added recognizers-text packages to depcheck ignores due to now being used as normal dependencies.
  • Updated .gitignore to ignore vendors folder
  • Added localDependencies property to botbuilder-dialogs, dialogs-adaptive, and dialogs-adaptive-testing, containing the recognizers-text dependencies.
  • Updated botbuilder-dialogs i18n require statements because of moving cldr-data folder from vendor to vendors.
  • Updated repo-utils Package interface by adding main and localDependencies properties.
  • Updated repo-utils, adding hasLocalDependencies option to filter only workspaces that have localDependencies properties.
  • Added botbuilder-vendors library containing all recognizers-text vendor packages, each one having the compiled 1.1.4 version and a compacted package.json file.
    • It also contains a script that will be executed after the 'update-versions' script is run, copying selected recognizers-text packages to each BotBuilder library that requires it and update their references in the BotBuilder compiled code.
    • Added botbuilder-vendors/vendors folder to the root package.json workspaces so they are installed and added to the yarn.lock file.

Testing

The following image shows an execution example of the script.
imagen

@sw-joelmut sw-joelmut requested a review from a team as a code owner December 17, 2024 12:51
@coveralls
Copy link

coveralls commented Dec 17, 2024

Pull Request Test Coverage Report for Build 12420517834

Details

  • 10 of 10 (100.0%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 84.625%

Totals Coverage Status
Change from base Build 12259066809: 0.0%
Covered Lines: 20513
Relevant Lines: 23091

💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Dependency loadsh.trimend is out of date and the dependency has known public CVEs - CVE-2020-28500
2 participants