Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: ignore js-yaml vuln for 30 days #5108

Merged
merged 1 commit into from
Apr 8, 2019

Conversation

focusaurus
Copy link
Contributor

Impact: minor
Type: chore

Issue

We can't find a quick upgrade path for this js-yaml vuln.

Solution

Ignoring for now so circleci will pass and unrelated work can flow through.

Breaking changes

None

Testing

N/A. If circleci passes, this is working.

- We attempted to upgrade to patched deps, but hit
  problems with jest snapshot tests failing

Signed-off-by: Peter Lyons <pete@reactioncommerce.com>
Copy link
Member

@mikemurray mikemurray left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tests pass. so... 👍

@mikemurray mikemurray merged commit 65fc7ca into develop Apr 8, 2019
@mikemurray mikemurray deleted the chore-snyk-js-yaml-ignore branch April 8, 2019 20:10
@jeffcorpuz jeffcorpuz mentioned this pull request Jul 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants