Comments (14)
yangshun
commented on April 26, 2024
1
Btw @sshhdaniella is saying that he will be helping to do the migration. On our end we just need to review.
from fbt.
yangshun
commented on April 26, 2024
1
Option 2. @sshhdaniella will do the migration, we (Docusaurus side + FBT) will review together
from fbt.
yangshun
commented on April 26, 2024
1
Hey @jrwats, for those Docusaurus 1 security vulnerabilities, I've fixed them upstream and upgrading your Docusaurus version would get rid of them. You could do that first in the meanwhile.
from fbt.
yangshun
commented on April 26, 2024
from fbt.
jrwats
commented on April 26, 2024
Embeddable interactive React components within markdown via MDX
Yes! I've been wanting to add our demo app to the docs! https://i.giphy.com/3o6ZteX8cqJRH4TwQ0.gif
from fbt.
jrwats
commented on April 26, 2024
Sorry are we
- Supposed to do this migration and have you/Daniella review, or
- is @sshhdaniella doing this migration with your review?
Either way it'll be nice to have embedded React
from fbt.
jrwats
commented on April 26, 2024
Awesome
from fbt.
jrwats
commented on April 26, 2024
@sshhdaniella, what does your timeline look like for this? I ask because we have 2 vulnerabilities from the packages remarkable <= 1.7.1 and underscore.string < 3.3.5 that are only brought in due to Docusaurus v1.
from fbt.
jrwats
commented on April 26, 2024
It looks like docusaurus v1.14.0 still depends on [email protected].
Does this actually fix the security vulnerability? The issue I have says there's "No fix version known"
Package name: remarkable
Affected versions: <= 1.7.1
Fixed in version: (No fix version known)
CVE: CVE-2019-12043
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12043
from fbt.
jrwats
commented on April 26, 2024
@yangshun remarkable 1.7.4 is still bringing in underscore.string too
from fbt.
yangshun
commented on April 26, 2024
@sshhdaniella I'm freeing up this issue for others to take up since we have not gotten a response from you. Let us know if you're still interested.
from fbt.
yangshun
commented on April 26, 2024
@jrwats apologies for the mistake, it's weird that only fbt is seeing the vulnerability. I'll try to get someone to migrate fbt or even do it myself so that the vulnerability goes away.
For the most part, most security vulnerabilities are low-signal and since docusaurus produces statically generated sites, the severity is smaller.
from fbt.
endiliey
commented on April 26, 2024
try running yarn upgrade to recreate lockfile. also make sure to update to latest version of docusaurus
from fbt.
dtaylorbrown
commented on April 26, 2024
@yangshun Hi, apologies for the delay. I've recently gotten married and have since been away and taken some time off. Yes, please feel free to re-assign, I most likely won't get the time in the coming weeks to work on this.
from fbt.
Related Issues (20)
- Documentation: how to format plural Localizable.strings in iOS
- Provide simple debug mode HOT 5
- No published version of babel-plugin-fbt since 0.13.0-beta HOT 2
- Remove fbjs dependency HOT 2
- Feature: publish eslint rules to help promote better Fbt API usage practices HOT 1
- Fix Support for Shared Enum Typescript/ES6 Import/export syntax with Babel 7 HOT 3
- Can't install FBT with npm HOT 1
- node-fetch vulnerability transitive from isomorphic-fetch HOT 3
- Unable to install react-native-fbt in expo SDK 45 bare workflow #33797 HOT 7
- Bug: unable to extract `intlList`
- Vite support HOT 1
- React 18 support
- unexpected pluralization behavior
- RTC-Folly outdated with lastest react native version (0.70.1) HOT 2
- Ols
- react-native-fbt not working on lastest React Native version (0.70.6) HOT 3
- Make `fbt` work with other compilers like SWC HOT 2
- New release? HOT 2
- fbt.plural manifest is wrong in --react-native-mode
- Copyright and footer logo needs to be updated
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fbt.