Skip to content

chore: 🤖 update tmp package to 0.2.5 #3026

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Nov 19, 2025
Merged

chore: 🤖 update tmp package to 0.2.5 #3026

merged 7 commits into from
Nov 19, 2025
+24 −40

Conversation

@cameronperera
Copy link
Collaborator

@cameronperera cameronperera commented Oct 7, 2025
edited
Loading

Description

Test release
This is to resolve a dependabot alert.

Screenshots (if appropriate)

How to Test

Checklist

  • I have added before and after screenshots for UI changes
  • I have added JSON response output for API changes
  • I have added steps to reproduce and test for bug fixes in the description
  • I have commented on my code, particularly in hard-to-understand areas
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • I have added a11y-tests label to run a11y audit tests if needed

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.
  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
  • If applicable, I've documented the impact of any changes to security controls.
    Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

@vercel
Copy link

vercel bot commented Oct 7, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
boundary-ui Ready Ready Preview Comment Nov 19, 2025 11:23pm
boundary-ui-desktop Ready Ready Preview Comment Nov 19, 2025 11:23pm

@cameronperera cameronperera added the a11y-tests Runs our a11y tests when label added to PR label Oct 8, 2025
@cameronperera cameronperera self-assigned this Oct 8, 2025
@hashicc
Copy link
Collaborator

hashicc commented Oct 9, 2025
edited
Loading

Looks like the test release failed on signing without the right format for the tag.

If you check with pnpm why -r tmp it looks like we still have plenty of tmp versions that are left not upgraded. I think we might need to add a manual resolution to force a later version in the root package.json and one in the electron-app/package.json.

It looks like there weren't any breaking changes in changelog, but the readme has a mention of breaking changes. The breaking changes seem reasonable and likely to not affect us but with the number it's hard to be sure. I think what you did with running the builds and one for the desktop app is the way to go. Given that tmp is a node package it can only really be running within our builds for admin, desktop, or possibly as part of the electron-app but this doesn't look like it's an issue:

devDependencies:
@electron-forge/maker-deb 7.8.1
└─┬ electron-installer-debian 3.2.0
  └─┬ electron-installer-common 0.10.4
    └─┬ tmp-promise 3.0.3
      └── tmp 0.2.5

@cameronperera
Copy link
Collaborator Author

cameronperera commented Nov 17, 2025

Looks like the test release failed on signing without the right format for the tag.

If you check with pnpm why -r tmp it looks like we still have plenty of tmp versions that are left not upgraded. I think we might need to add a manual resolution to force a later version in the root package.json and one in the electron-app/package.json.

It looks like there weren't any breaking changes in changelog, but the readme has a mention of breaking changes. The breaking changes seem reasonable and likely to not affect us but with the number it's hard to be sure. I think what you did with running the builds and one for the desktop app is the way to go. Given that tmp is a node package it can only really be running within our builds for admin, desktop, or possibly as part of the electron-app but this doesn't look like it's an issue:

devDependencies:
@electron-forge/maker-deb 7.8.1
└─┬ electron-installer-debian 3.2.0
  └─┬ electron-installer-common 0.10.4
    └─┬ tmp-promise 3.0.3
      └── tmp 0.2.5

Thanks for the comment @hashicc. I did not use the -r flag and missed a bunch clearly. I updated the lock files now that I have added the override and will trigger another test build.

@cameronperera cameronperera marked this pull request as ready for review November 18, 2025 16:07
@cameronperera cameronperera requested a review from a team as a code owner November 18, 2025 16:07
@cameronperera cameronperera removed the a11y-tests Runs our a11y tests when label added to PR label Nov 19, 2025
@cameronperera cameronperera merged commit dd0c5df into main Nov 19, 2025
17 of 18 checks passed
@cameronperera cameronperera deleted the tmp-dep-update branch November 19, 2025 23:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZedLi ZedLi ZedLi approved these changes

@hashicc hashicc hashicc approved these changes

Assignees

@cameronperera cameronperera

Labels

desktop ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cameronperera @hashicc @ZedLi