04/22/2022 - npm vulnerabilities #542

Closed
phenggeler opened this issue Apr 22, 2022 · 6 comments

Comments

@phenggeler
Contributor


due: 2022-05-22

Please address the Dependabot npm vulnerabilities in this repository.

@phenggeler
Contributor Author

@hobuobi / @macfarlandian / @Catacola - we had nearly 50 NPM vulnerabilities hit this repo this week. Would you please make sure these are addressed in the next 30 days? Thanks!

@phenggeler
Contributor Author

@phenggeler - label applied: Due this month.

@phenggeler phenggeler self-assigned this Apr 23, 2022
@macfarlandian
Collaborator

I think (but others may disagree) that @lilidworkin and her team should be the primary assignees for Dependabot issues in this repo from now on, as they are starting to take over more ownership of Spotlight? I don't mind looking into these, though, if they need the support; it seems to be mostly the usual false positives anyway.

@lilidworkin
Contributor

I'm fine with that! Can I get some context on what this is / how to address these / what I should be looking for, etc?

@lilidworkin
Contributor

All alerts have either been resolved through upgrades, or dismissed because there is no easy fix and risk is tolerable.

@phenggeler
Contributor Author

Thanks @lilidworkin

5 participants