Fixes after executing socket fix #34

Merged
marcocastignoli merged 1 commit into staging from socket-fix-fixes
May 18, 2026

@marcocastignoli
Member

No description provided.

@netlify

netlify Bot commented May 12, 2026

Deploy Preview for verify-sourcify-dev ready!

Name Link
🔨 Latest commit f78d475
🔍 Latest deploy log https://app.netlify.com/projects/verify-sourcify-dev/deploys/6a0af7d5e818b2539716b083
😎 Deploy Preview https://deploy-preview-34--verify-sourcify-dev.netlify.app

@marcocastignoli
Member Author

This deploy preview doesn't work, but locally it works fine. @kuzdogan any idea why?

@kuzdogan
Member

Hmm, no idea. I tried deploying it again but it's the same. Does it work locally? If so, can you push to staging and observe?

@marcocastignoli marcocastignoli merged commit fcddd9a into staging May 18, 2026
4 checks passed
@marcocastignoli
Member Author

@kuzdogan staging doesn't work, I'm going to revert these changes

marcocastignoli added a commit that referenced this pull request May 18, 2026
marcocastignoli added a commit that referenced this pull request May 18, 2026
…regression) (#36)

* Pin vulnerable transitive deps via overrides

Address CVEs in 6 transitive deps without using `socket fix`:
- bn.js ^5.2.3 (GHSA-378v-28hj-76wf: infinite loop)
- fast-uri ^3.1.2 (high CVE via socket)
- lodash ^4.18.1 (high CVE via socket)
- picomatch ^4.0.4 (high CVE via socket)
- postcss ^8.5.10 (GHSA-qx2v-qp2m-jg93: XSS in stringify)
- rollup ^4.60.4 (high CVE via socket; resolves past 4.59.x
  chunk-assignment bugs that broke the prior `socket fix` deploy)

`socket fix` (PR #34) chose rollup 4.59.0 — the minimum CVE-safe
version — but 4.59.x has chunk-assignment / chunk-hash-stability
bugs that caused the staging-only continuous-reload regression.
4.60.4 fixes those (release notes: PRs #6362, #6350, etc.).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Trigger CI

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
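
An added example, not code from this pull request or the project: a small Node.js check that walks a lockfile's `packages` map and reports every installed copy, nested ones included, that falls outside the caret ranges listed in the commit message above. The lockfile contents and the `some-parent` package are constructed, and the function names are hypothetical.

```javascript
// Caret floors copied from the commit message above.
const FLOORS = {
  "bn.js": "5.2.3",
  "fast-uri": "3.1.2",
  "lodash": "4.18.1",
  "picomatch": "4.0.4",
  "postcss": "8.5.10",
  "rollup": "4.60.4",
};

// Parse "MAJOR.MINOR.PATCH", ignoring any prerelease/build suffix.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` satisfies ^floor (floors here all have major >= 1):
// same major, and (minor, patch) not below the floor.
function satisfiesCaret(version, floor) {
  const [a, b, c] = parse(version);
  const [x, y, z] = parse(floor);
  return a === x && (b > y || (b === y && c >= z));
}

// Return every installed copy (hoisted or nested) outside its range.
function auditLockfile(lock, floors = FLOORS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop(); // "" is the root project
    const floor = floors[name];
    if (!floor || !entry.version) continue;
    if (!satisfiesCaret(entry.version, floor))
      findings.push({ path, name, version: entry.version, required: `^${floor}` });
  }
  return findings;
}

// Constructed sample lockfile (v3 layout); not taken from the repository.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "0.0.0" },
    "node_modules/rollup": { version: "4.59.0" },
    "node_modules/postcss": { version: "8.5.10" },
    "node_modules/some-parent/node_modules/bn.js": { version: "5.2.2" },
    "node_modules/bn.js": { version: "5.2.3" },
  },
};
console.log(auditLockfile(SAMPLE_LOCK));
```

Run against a real `package-lock.json` in CI, an empty result confirms that the overrides reached nested copies as well as the hoisted ones.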