Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update project dependencies #239

Open
ghost opened this issue Jan 10, 2019 · 1 comment
Open

Update project dependencies #239

ghost opened this issue Jan 10, 2019 · 1 comment
Milestone
2.11.0

Comments

@ghost
Copy link

ghost commented Jan 10, 2019

Issue

There are a couple of vulnerability reports from github and also when you execute npm install (yarn does not seem to report vulnerabilities though)

Solution

  • Update package dependencies to the recommended versions.
  • Test if any of those updated dependencies would break xjs build and docs.
@ghost ghost self-assigned this Jan 12, 2019
@ghost
Copy link
Author

ghost commented Jan 12, 2019
edited by ghost
Loading

npm audit report result:

found 79 vulnerabilities (30 low, 23 moderate, 25 high, 1 critical) in 5666 scanned packages

I'll push a initial commit to a separate branch with the updated packages using npm audit fix

EDIT

After executing npm audit fix, our project still has a couple of vulnerable packages:

found 23 vulnerabilities (14 low, 8 high, 1 critical) in 8892 scanned packages
  23 vulnerabilities require semver-major dependency updates.

@ghost ghost added this to the 2.10.0 milestone Jan 15, 2019
@SML-MeSo SML-MeSo modified the milestones: 2.10.0, 2.11.0 Mar 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.11.0
Development

No branches or pull requests
1 participant
@SML-MeSo