Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade website dependencies for better security #759

Open
roll opened this issue Apr 12, 2022 · 3 comments
Open

Upgrade website dependencies for better security #759

roll opened this issue Apr 12, 2022 · 3 comments
Labels
general

Comments

@roll
Copy link
Member

roll commented Apr 12, 2022

Overview

There is a few issues - https://github.com/frictionlessdata/website/security/dependabot
@roll roll added the bug label Apr 12, 2022
@aivuk
Copy link
Contributor

aivuk commented Apr 12, 2022

I did update most of what was possible, but the biggest problem now (the high level security issue) is that the security packages are dependencies from Vuepress. I did update Vuepress to the latest 1 major version, but looks like they fixed it only on Vuepress 2. The migration to Vuepress is not straightforward, specially because the plugin from vuepress 1 are not compatible and we are using 6 plugins.

@roll
Copy link
Member Author

roll commented Apr 12, 2022

Thanks @aivuk!

I'll move it to the backlog

@roll roll unassigned aivuk Apr 12, 2022
@roll roll added general and removed bug labels Apr 12, 2022
@roll roll changed the title Upgrade dependencies for better security Upgrade website dependencies for better security Sep 12, 2022
@roll roll transferred this issue from frictionlessdata/website Sep 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
general
Projects
Open Knowledge
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aivuk @roll