-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
address: http://nodesecurity.io/advisories/566 #177
Conversation
42ff8a0
to
94fba37
Compare
rebased and confirmed that no lingering dependencies on hoek: <= had to tweak a couple istanbul ignore statements to keep coverage @ 💯 i also noticed some duplicate boilerplate in our 'karma.conf.js' related to coverage |
162f6a5
to
33ef3de
Compare
i cannot reproduce the slight dip in coverage coveralls is reporting locally. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jgravois I can't reproduce locally either. This looks good to me!
@jgravois Also FYI your commit is marked as |
AFFECTS PACKAGES: @esri/arcgis-rest-auth @esri/arcgis-rest-demo-vue-with-popup
33ef3de
to
16fd1a7
Compare
nice catch eagle 👁. no clue what was going on there, but a fresh iTerm session and rebase was all it took to get my commits signed again. ✅ |
hapijs/hoek#230
request/request#2748
"gh-release" : "^3.2.1"
bump request to address security vulnerability ungoldman/gh-release#72"gh-release-assets"
bump to resolve security vuln ungoldman/gh-release-assets#5"karma-coveralls": "github:jgravois/karma-coveralls#..."
bump dependency to address security vulnerability caitp/karma-coveralls#40"node-sass": "sass/node-sass#v4.7.0"
Security issue: Prototype pollution attack(Introduced by the request@2.79.0 => hawk@3.1.3 => hoek@2.16.3) sass/node-sass#2288 (comment)"acetate": next
(viabrowser-sync
vialocaltunnel
)fs-events appears to be a false positive fsevents/fsevents#198 (comment)
in demos/vue
"webpack-dev-server": "^3.1.3"
i'll test again after a new
gh-release-assets
tag lands on npm.