Upgrade vulnerable MarkBind dependencies #788
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What is the purpose of this pull request? (put "X" next to an item, remove the rest)
• [X] Other, please explain: upgrading dependencies
Part of #461.
What is the rationale for this request?
npm audit
(avaliable fromnpm >= 6.0.0
) returns 434 vulnerabilities in our dependencies. We should upgrade vulnerable packages to remove these vulnerabilities.Full results here.
What changes did you make? (Give an overview)
chokidar
: 1.6.1 → 2.1.5live-server
: 1.2.0 → 1.2.1gh-pages
: 1.1.0 → 2.0.1fastmatter
: 2.0.1 → 2.1.0nunjucks
: 3.0.0 → 3.2.0markdown-it-table-of-contents
: 0.3.2 → 0.4.3eslint
: 4.16.0 → 5.15.3jest
: 22.4.3 → 24.5.0lodash
: 4.17.5 → 4.17.11eslint
config packages, as there are rule specifications that have changed/deprecated between theeslint
versions:eslint-config-airbnb-base
: 12.1.0 → 13.1.0eslint-plugin-import
: 2.8.0 → 2.16.0eslint-plugin-lodash
: 2.6.1 → 5.1.0.eslintrc.js
to accommodate our current coding style and disableno-else-return
andimplicit-arrow-linebreak
as we do not currently follow these rules.sort-import
rule (package dependencies before local dependencies).Is there anything you'd like reviewers to focus on?
.eslintrc.js
suitable now that we have updated our configs?Testing instructions:
npm audit
returns 0 vulnerabilities.