Skip to content

Commit a405147

Browse files
authored
Merge branch 'main' into fix/TURBO-5147-next-vulnerability
2 parents 2acb2f2 + df27a84 commit a405147

File tree

17 files changed

+469
-166
lines changed

17 files changed

+469
-166
lines changed

.github/workflows/test-js-packages.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ jobs:
7070
# to run when turbo core changes. This job (`js_packages`) does not run on turborpeo core
7171
# changes, and we don't want to enable that beahvior for _all_ our JS packages.
7272
run: |
73-
TURBO_API= turbo run check-types test build package-checks --filter="!turborepo-repository" --filter={./packages/*}...[${{ github.event.pull_request.base.sha || 'HEAD^1' }}] --color --env-mode=strict
73+
TURBO_API= turbo run check-types test build package-checks --filter="!turborepo-repository" --filter="!@turbo/coverage-reporter" --filter={./packages/*}...[${{ github.event.pull_request.base.sha || 'HEAD^1' }}] --color --env-mode=strict
7474
env:
7575
NODE_VERSION: ${{ matrix.node-version }}
7676

.github/workflows/turborepo-test.yml

Lines changed: 21 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ jobs:
2626
with-svelte-example: ${{ steps.filter.outputs.with-svelte-example }}
2727
with-tailwind-example: ${{ steps.filter.outputs.with-tailwind-example }}
2828
rest: ${{ steps.filter.outputs.rest }}
29+
rust: ${{ steps.filter.outputs.rust }}
2930
native-lib: ${{ steps.filter.outputs.native-lib }}
3031
steps:
3132
- name: Checkout
@@ -107,11 +108,25 @@ jobs:
107108
echo "No changes outside examples/ and docs/ directories"
108109
fi
109110
111+
# Detect if Rust/core code changed (requires Rust tests + integration tests)
112+
# This excludes JS-only changes like packages/*, lockfile, etc.
113+
RUST_PATTERNS="^(crates/|cli/|Cargo\.|rust-toolchain|\.cargo/|turborepo-tests/)"
114+
RUST_CHANGES=$(echo "$CHANGED_FILES" | grep -E "$RUST_PATTERNS" || true)
115+
116+
if [ -n "$RUST_CHANGES" ]; then
117+
echo "rust=true" >> $GITHUB_OUTPUT
118+
echo "Rust/core changes detected:"
119+
echo "$RUST_CHANGES"
120+
else
121+
echo "rust=false" >> $GITHUB_OUTPUT
122+
echo "No Rust/core changes detected (JS-only change)"
123+
fi
124+
110125
generate-integration-test-matrix:
111126
name: Generate integration test matrix
112127
needs:
113128
- find-changes
114-
if: ${{ needs.find-changes.outputs.rest == 'true' }}
129+
if: ${{ needs.find-changes.outputs.rust == 'true' }}
115130
runs-on: ubuntu-latest
116131
timeout-minutes: 30
117132
outputs:
@@ -142,7 +157,7 @@ jobs:
142157
- generate-integration-test-matrix
143158
runs-on: ${{ matrix.os.runner }}
144159
timeout-minutes: 30
145-
if: ${{ needs.find-changes.outputs.rest == 'true' && needs.generate-integration-test-matrix.result == 'success' }}
160+
if: ${{ needs.find-changes.outputs.rust == 'true' && needs.generate-integration-test-matrix.result == 'success' }}
146161
env:
147162
SCCACHE_BUCKET: turborepo-sccache
148163
SCCACHE_REGION: us-east-2
@@ -221,7 +236,7 @@ jobs:
221236
name: "@turbo/types codegen check"
222237
needs:
223238
- find-changes
224-
if: ${{ needs.find-changes.outputs.rest == 'true' }}
239+
if: ${{ needs.find-changes.outputs.rust == 'true' }}
225240
runs-on: ubuntu-latest
226241
timeout-minutes: 30
227242
steps:
@@ -265,7 +280,7 @@ jobs:
265280
timeout-minutes: 30
266281
needs:
267282
- find-changes
268-
if: ${{ needs.find-changes.outputs.rest == 'true' }}
283+
if: ${{ needs.find-changes.outputs.rust == 'true' }}
269284
name: Rust testing on ${{ matrix.os.name }} (partition ${{ matrix.partition }}/2)
270285
env:
271286
SCCACHE_BUCKET: turborepo-sccache
@@ -334,7 +349,7 @@ jobs:
334349
timeout-minutes: 45
335350
needs:
336351
- find-changes
337-
if: ${{ needs.find-changes.outputs.rest == 'true' }}
352+
if: ${{ needs.find-changes.outputs.rust == 'true' }}
338353
name: Rust testing on ubuntu (partition ${{ matrix.partition }}/2)
339354
env:
340355
SCCACHE_BUCKET: turborepo-sccache
@@ -408,7 +423,7 @@ jobs:
408423
needs:
409424
- find-changes
410425
- rust_test_ubuntu
411-
if: ${{ needs.find-changes.outputs.rest == 'true' }}
426+
if: ${{ needs.find-changes.outputs.rust == 'true' }}
412427
env:
413428
COVERAGE_API_URL: ${{ secrets.COVERAGE_API_URL }}
414429
steps:

package.json

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,11 @@
22
"name": "turbo-monorepo",
33
"version": "0.0.0",
44
"private": true,
5+
"pnpm": {
6+
"overrides": {
7+
"fast-xml-parser": ">=5.3.4"
8+
}
9+
},
510
"scripts": {
611
"build": "turbo run build",
712
"build:turbo": "pnpm run --filter=cli build",
@@ -28,7 +33,7 @@
2833
"lint-staged": "13.1.0",
2934
"oxfmt": "^0.23.0",
3035
"oxlint": "^1.35.0",
31-
"semver": "7.5.0",
36+
"semver": "7.5.2",
3237
"typescript": "5.5.4"
3338
},
3439
"lint-staged": {

packages/create-turbo/package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "create-turbo",
3-
"version": "2.8.1",
3+
"version": "2.8.2-canary.0",
44
"description": "Create a new Turborepo",
55
"homepage": "https://turborepo.dev",
66
"license": "MIT",
@@ -43,7 +43,7 @@
4343
"@types/semver": "7.3.12",
4444
"jest": "29.7.0",
4545
"ts-jest": "29.2.5",
46-
"tsup": "6.7.0",
46+
"tsup": "8.5.1",
4747
"typescript": "5.5.4"
4848
},
4949
"files": [

packages/eslint-config-turbo/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "eslint-config-turbo",
3-
"version": "2.8.1",
3+
"version": "2.8.2-canary.0",
44
"type": "commonjs",
55
"description": "ESLint config for Turborepo",
66
"license": "MIT",

packages/eslint-plugin-turbo/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "eslint-plugin-turbo",
3-
"version": "2.8.1",
3+
"version": "2.8.2-canary.0",
44
"description": "ESLint plugin for Turborepo",
55
"keywords": [
66
"turbo",

packages/turbo-codemod/package.json

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "@turbo/codemod",
3-
"version": "2.8.1",
3+
"version": "2.8.2-canary.0",
44
"description": "Provides Codemod transformations to help upgrade your Turborepo codebase when a feature is deprecated.",
55
"homepage": "https://turborepo.dev",
66
"license": "MIT",
@@ -21,7 +21,6 @@
2121
"lint:prettier": "prettier -c . --cache --ignore-path=../../.prettierignore"
2222
},
2323
"dependencies": {
24-
"axios": "0.27.2",
2524
"commander": "9.5.0",
2625
"diff": "5.1.0",
2726
"find-up": "4.1.0",
@@ -56,7 +55,7 @@
5655
"plop": "3.1.1",
5756
"semver": "7.5.0",
5857
"ts-jest": "29.2.5",
59-
"tsup": "6.7.0",
58+
"tsup": "8.5.1",
6059
"typescript": "5.5.4"
6160
},
6261
"files": [

packages/turbo-codemod/src/commands/migrate/steps/getLatestVersion.ts

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,3 @@
1-
import axios from "axios";
21
import type { MigrateCommandOptions } from "../types";
32

43
const DEFAULT_REGISTRY = "https://registry.npmjs.org";
@@ -16,10 +15,11 @@ async function getPackageDetails({ packageName }: { packageName: string }) {
1615
process.env.npm_config_registry?.replace(/\/$/, "") || DEFAULT_REGISTRY;
1716

1817
try {
19-
const result = await axios.get<PackageDetailsResponse>(
20-
`${registry}/${packageName}`
21-
);
22-
return result.data;
18+
const response = await fetch(`${registry}/${packageName}`);
19+
if (!response.ok) {
20+
throw new Error(`HTTP ${response.status}`);
21+
}
22+
return (await response.json()) as PackageDetailsResponse;
2323
} catch (err) {
2424
throw new Error(`Unable to fetch the latest version of ${packageName}`);
2525
}

packages/turbo-gen/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "@turbo/gen",
3-
"version": "2.8.1",
3+
"version": "2.8.2-canary.0",
44
"description": "Extend a Turborepo",
55
"type": "commonjs",
66
"homepage": "https://turborepo.dev",

packages/turbo-ignore/package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "turbo-ignore",
3-
"version": "2.8.1",
3+
"version": "2.8.2-canary.0",
44
"description": "",
55
"homepage": "https://turborepo.dev",
66
"keywords": [],
@@ -38,7 +38,7 @@
3838
"commander": "11.0.0",
3939
"jest": "29.7.0",
4040
"ts-jest": "29.2.5",
41-
"tsup": "5.12.9",
41+
"tsup": "8.5.1",
4242
"typescript": "5.5.4"
4343
}
4444
}

0 commit comments

Comments
 (0)