solid-start: [Bug?]: Types error with Vinxi
Duplicates
- I have searched the existing issues
Latest version
- I have tested the latest version
Current behavior 😯
Actually when I want to check types, I have :
node_modules/.pnpm/@solidjs+start@0.5.10_solid-js@1.8.15_vinxi@0.3.3_vite@5.1.4/node_modules/@solidjs/start/server/fetchEvent.ts:3:3 - error TS2724: '"vinxi/http"' has no exported member named 'HTTPEvent'. Did you mean 'isHTTPEvent'?
3 HTTPEvent,
~~~~~~~~~
node_modules/.pnpm/vinxi@0.3.3_@types+node@20.11.20_preact@10.19.6_sass@1.70.0_terser@5.27.0/node_modules/vinxi/runtime/http-types.d.ts:136:17
136 export function isHTTPEvent(input: any): input is HTTPEvent;
~~~~~~~~~~~
'isHTTPEvent' is declared here.
node_modules/.pnpm/@solidjs+start@0.5.10_solid-js@1.8.15_vinxi@0.3.3_vite@5.1.4/node_modules/@solidjs/start/server/pageEvent.ts:28:9 - error TS2322: Type 'FetchEvent & { manifest: object; assets: string[]; router: { submission: any[] | { url: any; result: any; input: any[]; }; }; routes: any[]; $islands: Set<string>; }' is not assignable to type 'PageEvent'.
The types of 'router.submission' are incompatible between these types.
Type 'any[] | { url: any; result: any; input: any[]; }' is not assignable to type 'Submission<any, any>'.
Type 'any[]' is missing the following properties from type 'Submission<any, any>': input, pending, url, clear, retry
28 const pageEvent: PageEvent = Object.assign(ctx, {
~~~~~~~~~
Found 2 errors in 2 files.
Errors Files
1 node_modules/.pnpm/@solidjs+start@0.5.10_solid-js@1.8.15_vinxi@0.3.3_vite@5.1.4/node_modules/@solidjs/start/server/fetchEvent.ts:3
1 node_modules/.pnpm/@solidjs+start@0.5.10_solid-js@1.8.15_vinxi@0.3.3_vite@5.1.4/node_modules/@solidjs/start/server/pageEvent.ts:28
Expected behavior 🤔
No types error
Steps to reproduce 🕹
Steps:
- Generate from a solid-start template
- Update vinxi to 0.3.3
- pnpm tsc
Context 🔦
Actually, Vinxi 0.2.1 have a critical security error with vite version, and i want to patch it with the latest version :
pnpm
audit vinxi
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high │ Vite dev server option `server.fs.deny` can be │
│ │ bypassed when hosted on case-insensitive filesystem │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ vite │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=4.0.0 <=4.5.1 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=4.5.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ . > @solidjs/start@0.5.7 > │
│ │ @vinxi/plugin-directives@0.2.0 > vinxi@0.2.1 > │
│ │ @vinxi/devtools@0.2.0 > @preact/preset-vite@2.8.1 > │
│ │ @prefresh/vite@2.4.5 > vite@4.5.0 │
│ │ │
│ │ . > @solidjs/start@0.5.7 > │
│ │ @vinxi/plugin-directives@0.2.0 > vinxi@0.2.1 > │
│ │ @vinxi/devtools@0.2.0 > @preact/preset-vite@2.8.1 > │
│ │ vite@4.5.0 │
│ │ │
│ │ . > @solidjs/start@0.5.7 > │
│ │ @vinxi/plugin-directives@0.2.0 > vinxi@0.2.1 > │
│ │ @vinxi/devtools@0.2.0 > vite-plugin-inspect@0.7.42 > │
│ │ vite@4.5.0 │
│ │ │
│ │ ... Found 36 paths, run `pnpm why vite` for more │
│ │ information │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-c24v-8rfc-w8vw │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate │ Vite XSS vulnerability in `server.transformIndexHtml` │
│ │ via URL payload │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ vite │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ =4.5.0 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=4.5.1 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ . > @solidjs/start@0.5.7 > │
│ │ @vinxi/plugin-directives@0.2.0 > vinxi@0.2.1 > │
│ │ @vinxi/devtools@0.2.0 > @preact/preset-vite@2.8.1 > │
│ │ @prefresh/vite@2.4.5 > vite@4.5.0 │
│ │ │
│ │ . > @solidjs/start@0.5.7 > │
│ │ @vinxi/plugin-directives@0.2.0 > vinxi@0.2.1 > │
│ │ @vinxi/devtools@0.2.0 > @preact/preset-vite@2.8.1 > │
│ │ vite@4.5.0 │
│ │ │
│ │ . > @solidjs/start@0.5.7 > │
│ │ @vinxi/plugin-directives@0.2.0 > vinxi@0.2.1 > │
│ │ @vinxi/devtools@0.2.0 > vite-plugin-inspect@0.7.42 > │
│ │ vite@4.5.0 │
│ │ │
│ │ ... Found 36 paths, run `pnpm why vite` for more │
│ │ information │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-92r3-m2mg-pj97 │
└─────────────────────┴────────────────────────────────────────────────────────┘
Your environment 🌎
NAME="Pop!_OS"
VERSION="22.04 LTS"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 22.04 LTS"
VERSION_ID="22.04"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=jammy
UBUNTU_CODENAME=jammy
LOGO=distributor-logo-pop-os
About this issue
- Original URL
- State: closed
- Created 4 months ago
- Comments: 16 (7 by maintainers)
Commits related to this issue
- update ts, fix #1346 flash types — committed to AirBorne04/solid-start by ryansolid 4 months ago
- Squashed commit of the following: commit f5ec449f4df13c0f74613cb305c5f06c38778af6 Author: Ryan Carniato <ryansolid@gmail.com> Date: Wed Mar 6 10:44:27 2024 -0800 update config to anticipate Vi... — committed to solidjs/solid-start by ryansolid 4 months ago
I can confirm the commit fix the issue ! Thanks !
It seems error is still present :
If you check the context section, Patched version >=4.5.2
Yes i know but as i say on the issue, the version of vite have a security issue so maybe we need to have an update to update to latest vinxi and vite