
Update dependencies to pass audit #175

Merged
merged 2 commits into from
Jun 22, 2019

Conversation

janlazo
Contributor

@janlazo janlazo commented Jun 17, 2019

Report after running npm audit fix and npm dedupe.

=== npm audit security report ===

# Run  npm install --save-dev nightwatch@1.1.12  to resolve 4 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

  Low             Regular Expression Denial of Service

  Package         debug

  Dependency of   nightwatch [dev]

  Path            nightwatch > mocha-nightwatch > debug

  More info       https://npmjs.com/advisories/534




  Critical        Command Injection

  Package         growl

  Dependency of   nightwatch [dev]

  Path            nightwatch > mocha-nightwatch > growl

  More info       https://npmjs.com/advisories/146




  High            Denial of Service

  Package         http-proxy-agent

  Dependency of   nightwatch [dev]

  Path            nightwatch > proxy-agent > http-proxy-agent

  More info       https://npmjs.com/advisories/607




  High            Denial of Service

  Package         http-proxy-agent

  Dependency of   nightwatch [dev]

  Path            nightwatch > proxy-agent > pac-proxy-agent >
                  http-proxy-agent

  More info       https://npmjs.com/advisories/607



# Run  npm install --save-dev karma@4.1.0  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change

  Low             Regular Expression Denial of Service

  Package         braces

  Dependency of   karma [dev]

  Path            karma > expand-braces > braces

  More info       https://npmjs.com/advisories/786



# Run  npm update docsify-server-renderer --depth 2  to resolve 1 vulnerability

  Moderate        Regular Expression Denial of Service

  Package         marked

  Dependency of   docsify-cli [dev]

  Path            docsify-cli > docsify-server-renderer > docsify > marked

  More info       https://npmjs.com/advisories/812




                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Moderate        Regular Expression Denial of Service

  Package         marked

  Patched in      >=0.6.2

  Dependency of   docsify-cli [dev]

  Path            docsify-cli > docsify > marked

  More info       https://npmjs.com/advisories/812


  Low             Regular Expression Denial of Service

  Package         braces

  Patched in      >=2.3.1

  Dependency of   docsify-cli [dev]

  Path            docsify-cli > livereload > chokidar > anymatch > micromatch
                  > braces

  More info       https://npmjs.com/advisories/786

found 8 vulnerabilities (3 low, 2 moderate, 2 high, 1 critical) in 15959 scanned packages
  run `npm audit fix` to fix 1 of them.
  5 vulnerabilities require semver-major dependency updates.
  2 vulnerabilities require manual review. See the full report for details.

@coveralls

coveralls commented Jun 17, 2019

Coverage Status

Coverage remained the same at 22.172% when pulling 4c50eb9 on janlazo:audit into 22db9a2 on ghettovoice:master.

@janlazo janlazo changed the title WIP: Update dependencies to pass audit Update dependencies to pass audit Jun 17, 2019
@janlazo janlazo changed the title Update dependencies to pass audit [WIP] Update dependencies to pass audit Jun 17, 2019
@janlazo janlazo force-pushed the audit branch 3 times, most recently from 7e874b0 to 4697d8b Compare June 19, 2019 00:23
@janlazo janlazo changed the title [WIP] Update dependencies to pass audit Update dependencies to pass audit Jun 19, 2019
@janlazo janlazo force-pushed the audit branch 3 times, most recently from 4c50eb9 to 4697d8b Compare June 19, 2019 04:19
Owner

@ghettovoice ghettovoice left a comment


Thank you!

@ghettovoice ghettovoice merged commit 82193d2 into ghettovoice:master Jun 22, 2019
@janlazo janlazo deleted the audit branch June 22, 2019 15:22
ghettovoice added a commit that referenced this pull request Oct 3, 2019
- resolved #173, #174, #201, #135, #216, #132, #224, #225, #226, #230
- merged pull requests #160, #175, #180, #185, #188, #191, #206, #208,
  #212, #213, #215, #221, #227, #231
  Thanks to @baspeeters, @sjmallon, @janlazo, @categulario,
  @skymaze, @jemasfox, @owen-thurston, @agmt5989, @RemiDesgrange
- improved property watchers
- optional debug messages
- fixed broken UMD version
- simplified initial interaction/controls setup #95
- added `id` property for all ol components for easy identification
- mixins, ol-ext and rx-ext are now built into a single-file package;
  imports from those packages are not changed
- UMD version (dev/demo version) now includes everything used from the `ol`
  package
- updated documentation and README
This pull request was closed.
3 participants