Turn off npm default auditing #712

Merged
merged 2 commits into from
Mar 18, 2019

NickColley
Contributor

We have decided to avoid showing users of the prototype kit audit messages.

This is because a lot of the low level issues are not easy to fix, and will cause unnecessary worry.

We will prioritise the security alerts we receive from GitHub's monitoring.

See #699 for the full discussion.

Resolves #699

@govuk-design-system-ci govuk-design-system-ci temporarily deployed to govuk-prototype-kit-pr-712 March 14, 2019 11:48 Inactive
.npmrc Outdated
@@ -1 +1,2 @@
package-lock=false
audit=false
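Review bot: The added `audit=false` line has no comment explaining why auditing is switched off, and a project-level `.npmrc` applies to every `npm install` run inside the kit, including installs of packages a user adds themselves. Suggest a comment line above it (npmrc accepts lines starting with `;` or `#`) that points to #699, so a later reader can see the setting is deliberate and that alerts are being handled through GitHub's monitoring instead. With `package-lock=false` on the context line there is also no lockfile for a manual `npm audit` to read, which is worth stating in the same comment or in the docs.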
Contributor


At the risk of being (very) pernickety, there's no new line at the end of this file, which is inconsistent and might cause problems with tooling down the line

Contributor Author


Will sort it, thanks :)

Contributor

@36degrees 36degrees left a comment


What @zuzak said, but 👍

@NickColley NickColley merged commit 802ae4a into master Mar 18, 2019
@NickColley NickColley deleted the hide-npm-audit-warnings branch March 18, 2019 13:30
aliuk2012 added a commit that referenced this pull request Apr 2, 2019
Features:
- [#713 Bump GOV.UK Frontend to v2.9.0](#713).

Fixes:
- [#697 Only ask for usage permission if TTY](#697). Thanks [zuzak](https://github.com/zuzak) for this contribution.
- [#712 Turn off npm default auditing](#712).
@aliuk2012 aliuk2012 mentioned this pull request Apr 2, 2019

Successfully merging this pull request may close these issues.

Figure out how to know about npm vulnerabilities before our users do