npm - @heroku/ember-hk-components - Versions diffs - 1.21.3 → 1.21.5 - Mend

@heroku/ember-hk-components 1.21.3 → 1.21.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/.github/workflows/push_dependabot_metadata.yml +18 -0
package/.tool-versions +2 -2
package/CHANGELOG.md +41 -0
package/README.md +9 -0
package/addon/components/async-button.js +10 -3
package/package.json +6 -3
package/pnpm-workspace.yaml +4 -0

package/.github/workflows/push_dependabot_metadata.yml ADDED Viewed

@@ -0,0 +1,18 @@
+name: Send data to Security Alerts
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 10 * * *'
+jobs:
+  send-alerts:
+    runs-on: sfdc-hk-ubuntu-latest
+    steps:
+      - name: Send data to Security Alerts
+        uses: heroku/security-alerts-action@stable
+        with:
+          gh-app-id: ${{ secrets.SECURITY_ALERTS_GH_APP_ID }}
+          gh-app-privkey: ${{ secrets.SECURITY_ALERTS_GH_APP_PRIVKEY }}
+          webhook-url: ${{ secrets.SECURITY_ALERTS_WEBHOOK_URL }}
+          sa-token: ${{ secrets.SECURITY_ALERTS_TOKEN }}

package/.tool-versions CHANGED Viewed

@@ -1,2 +1,2 @@
-nodejs 16.19.0
-yarn 1.22.19
+nodejs 18.20.8
+pnpm 9.15.7

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,44 @@
+## 1.21.5 (2026-01-26)
+#### :house: Internal
+* [#281](https://github.com/heroku/ember-hk-components/pull/281) Resolve markdown-it, qs, systeminformation, and weback vulnerabilities ([@kenyaplenty](https://github.com/kenyaplenty))
+* [#279](https://github.com/heroku/ember-hk-components/pull/279) Chore: Update local development setup ([@kenyaplenty](https://github.com/kenyaplenty))
+#### Committers: 2
+- Kenya ([@kenyaplenty](https://github.com/kenyaplenty))
+- Milad Imen ([@mimen](https://github.com/mimen))
+## 1.21.3 (2025-11-18)
+#### :house: Internal
+* [#266](https://github.com/heroku/ember-hk-components/pull/266) Security: Migrate to PNPM and resolve critical vulnerabilities including babel-traverse ([@barretts](https://github.com/barretts))
+* [#262](https://github.com/heroku/ember-hk-components/pull/262) Update to heroku-24 stack
+* [#252](https://github.com/heroku/ember-hk-components/pull/252) Repository maintenance updates
+* [#251](https://github.com/heroku/ember-hk-components/pull/251) Component inventory migration ([@component-inventory-migration-opex](https://github.com/component-inventory-migration-opex))
+#### :memo: Documentation
+* Updated security documentation with comprehensive vulnerability resolution guide
+* Added `BABEL_TRAVERSE_VULNERABILITY_GUIDE.md` for detailed security mitigation strategies
+#### :boom: Breaking Change
+* Migrated from Yarn to PNPM for package management
+* Updated `ember-changeset-validations` from `^2.x` to `^4.0.0`
+* Updated `ember-cli-babel` from `^6.x` to `^7.26.11`
+**Security Improvements:**
+- Resolved critical babel-traverse vulnerability (CVE-2023-45133)
+- Fixed high-severity vulnerabilities in rollup, json5, ansi-html, braces
+- Implemented strategic package resolutions for transitive dependencies
+- Enhanced dependency security through PNPM's stricter resolution
+**Migration Note:** This version eliminates the babel-traverse vulnerability. Consuming applications should update to this version and run `pnpm install` to benefit from the security fixes.
+#### Committers: 4
+- Barrett ([@barretts](https://github.com/barretts))
+- Kenya Plenty
+- Jennette Heikes
+- Component Inventory Team
 ## 0.21.2 (2023-02-22)
 #### :bug: Bug Fix

package/README.md CHANGED Viewed

@@ -54,6 +54,15 @@ See [ember-hk-components.herokuapp.com](https://ember-hk-components.herokuapp.co
 * `git clone https://github.com/heroku/ember-hk-components`
 * `cd ember-hk-components`
+* Install the required asdf plugins (if not already installed):
+  ```bash
+  asdf plugin add nodejs
+  asdf plugin add pnpm
+  ```
+* Install the correct tool versions:
+  ```bash
+  asdf install
+  ```
 * `pnpm install`
 ### Running

package/addon/components/async-button.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { getWithDefault, observer, computed, set, get } from '@ember/object';
+import { observer, computed, set, get } from '@ember/object';
 import Component from '@ember/component';
 let positionalParamsMixin = {
@@ -23,7 +23,10 @@ const ButtonComponent = Component.extend(positionalParamsMixin, {
   }),
   click() {
-    let params = getWithDefault(this, 'params', []);
+    let params = get(this, 'params');
+    if (params === undefined) {
+      params = [];
+    }
     let callbackHandler = promise => {
       set(this, 'promise', promise);
     };
@@ -45,7 +48,11 @@ const ButtonComponent = Component.extend(positionalParamsMixin, {
     'fulfilled',
     'rejected',
     function() {
-      return getWithDefault(this, this.textState, get(this, 'default'));
+      let value = get(this, this.textState);
+      if (value === undefined) {
+        value = get(this, 'default');
+      }
+      return value;
     }
   ),

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@heroku/ember-hk-components",
-  "version": "1.21.3",
+  "version": "1.21.5",
   "description": "Ember HK Components",
   "keywords": [
     "ember-addon"
@@ -62,7 +62,7 @@
     "qunit": "^2.19.3",
     "qunit-dom": "^2.0.0",
     "sass": "1.57.1",
-    "webpack": "5.76.0"
+    "webpack": "^5.94.0"
   },
   "changelog": {
     "repo": "heroku/ember-hk-components",
@@ -87,7 +87,10 @@
     "json5": "^2.2.3",
     "lodash.template": "npm:lodash@^4.17.21",
     "rollup": "^4.50.1",
-    "validated-changeset": "1.4.1"
+    "validated-changeset": "1.4.1",
+    "systeminformation": ">=5.27.14",
+    "qs": "^6.14.1",
+    "markdown-it-terminal": "0.3.0"
   },
   "scripts": {
     "build": "ember build",

package/pnpm-workspace.yaml CHANGED Viewed

@@ -1,3 +1,7 @@
+packages:
+  - .
+  - vendor/*
 onlyBuiltDependencies:
   - core-js
   - es5-ext