Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: npm audit fix #610

Merged
merged 1 commit into from
Mar 19, 2020
Merged

chore: npm audit fix #610

merged 1 commit into from
Mar 19, 2020

Conversation

boolafish
Copy link
Contributor

Note

Got an dependency security alert from Github. Instead of just solving that, runs "npm audit fix" first and luckily the reported issue is covered as well. The reported dependency is minimist. It recommend to use version >= 1.2.2

Test

It is set to ^1.2.5 after npm audit fix.

▶ git show d9765efc91b9f657bc547cb1e85bbe3cc451072a | grep minimist
    luckily the reported issue is covered as well. The reported dependency is minimist. It recommend to use version
    alert: https://github.com/omisego/plasma-contracts/network/alert/plasma_framework/package-lock.json/minimist/open
+            "minimist": "^1.2.5"
+            "minimist": "^1.2.5"
+            "minimist": "^1.2.5"
-            "minimist": "^1.2.0",
-            "minimist": {
-              "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
-            "minimist": {
-                "minimist": "0.0.8"
-                "minimist": "^1.2.0",
-                "minimist": {
-                "minimist": "^1.2.0"
-            "minimist": {
-              "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
-        "minimist": {
-          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
-            "minimist": "0.0.8"
-            "minimist": "~0.0.1",
-            "minimist": "~1.2.0",
-            "minimist": {
-              "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
     "minimist": {
-      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz",
-        "minimist": "0.0.8"
-        "minimist": {
-          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
+        "minimist": {
+          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
+            "minimist": "0.0.8"
-        "minimist": "^1.2.0",
+            "minimist": "^1.2.5"
+            "minimist": "^1.2.5"
+            "minimist": "^1.2.5"

@boolafish
chore: npm audit fix
d9765ef 
Got an dependency security alert from Github. Instead of just solving that, runs "npm audit fix" first and
luckily the reported issue is covered as well. The reported dependency is minimist. It recommend to use version
>= 1.2.2

alert: https://github.com/omisego/plasma-contracts/network/alert/plasma_framework/package-lock.json/minimist/open
@boolafish boolafish requested review from kevsul and pgebal March 18, 2020 07:07
@boolafish boolafish requested a review from thec00n March 18, 2020 09:04
@boolafish boolafish merged commit fe0bd06 into master Mar 19, 2020
@boolafish boolafish deleted the boolafish/remove_dep_alert branch March 19, 2020 04:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thec00n thec00n thec00n approved these changes

@kevsul kevsul kevsul approved these changes

@pgebal pgebal Awaiting requested review from pgebal

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@boolafish @kevsul @thec00n