Fix issues with npm security #793

Merged
merged 4 commits into from
Aug 10, 2021

@Thomas-Boi Thomas-Boi commented Aug 10, 2021

Fixes

  • Addressed the security issues that I can. Here's the latest audit
    image
  • The issues that are left can't be fixed by me. The modules listed (yargs and glob-parent) are used by gulp's latest version and there's nothing I can do to upgrade them. Luckily, since the scripts don't accept user inputs, we should never run into any issues as listed by npm audit
  • This also added gulp-footer, which will be used by my upcoming seleniumUpgrade. There's no usage of it yet, I just added the package to see if I need to address any security

Test
Here's the latest script testing the sass modules.
image

Notes
This took a while because it requires the socketio fix and the open-gl fix.
Also, when you accept this PR, rename the commit to "Close #763: Update NPM packages". I want to see if this closes the listed commit automatically when we merge it into master.

@Thomas-Boi Thomas-Boi added the devops, enhancement and dependencies labels Aug 10, 2021

@Panquesito7 Panquesito7 left a comment

I don't know too much about this (better let @amacado review this), but it LGTM. 👍

@amacado amacado merged commit cab25d5 into develop Aug 10, 2021
@amacado amacado deleted the thomas/feature/npmUpgrade branch August 10, 2021 08:51

amacado commented Aug 10, 2021

Thanks for the update @Thomas-Boi! Very good pull request description! 👍🏻
