Upgrade node.js dependency version to fix potential security vulnerability in biojs/sniper #16

Open
rowlandm opened this Issue Jan 2, 2018 · 2 comments

rowlandm commented Jan 2, 2018

---------- Forwarded message ----------
From: GitHub <notifications@github.com>
Date: Fri, Dec 29, 2017 at 9:53 AM
Subject: [biojs/sniper] One of your dependencies may have a security vulnerability
To: biojs/sniper <sniper@noreply.github.com>
Cc: Security alert <security_alert@noreply.github.com>

rowlandm,
We found a potential security vulnerability in one of the dependencies used by a repository that you contribute to.

biojs/sniper
Known high severity security vulnerability detected in ecstatic < 2.0.0 defined in package.json.
package.json update suggested: ecstatic ~> 2.0.0.
Always verify the validity and compatibility of suggestions with your codebase.

yochannah changed the title from "Potential security vulnerability in biojs/sniper" to "Upgrade dependency version to fix potential security vulnerability in biojs/sniper" Jan 13, 2018

yochannah changed the title from "Upgrade dependency version to fix potential security vulnerability in biojs/sniper" to "Upgrade node.js dependency version to fix potential security vulnerability in biojs/sniper" Jan 13, 2018

yochannah commented Jan 13, 2018

To pick this task up

  1. Leave a comment on the issue saying you're interested in picking it up!
  2. Fork the sniper package and upgrade the dependency version for the package ecstatic to be at least version 2.0.0. If any errors come up, try to fix them.
  3. Run through the commands in the sniper readme and make sure they all still work as described.
  4. Make a PR to get your changes merged into the sniper package, and bask in your glory. You are awesome.

If you need help

Comment on the issue if you need help and aren't sure what to do. Feel free to mention @yochannah - or pop by our Gitter chat.
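
A check that can be run before and after step 2 of the task list above, as an added example that is not part of the original thread or the sniper code base: it reports whether a package.json range for ecstatic still admits a release below 2.0.0. The function names, the simplified range parsing and the sample manifest are assumptions made for this illustration.

```javascript
// Added example (not from biojs/sniper): does a package.json range for
// ecstatic still admit a release below the fixed 2.0.0?
// Assumption: simplified range parsing, not a full node-semver implementation.
const FIXED_MAJOR = 2; // advisory on the page: ecstatic < 2.0.0 is affected
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];
const COMPARATOR = /^(\^|~>|~|>=|<=|>|<|=)?v?(\d+|[xX*])(?:\.(\d+|[xX*]))?(?:\.(\d+|[xX*]))?$/;

// Lowest major version one "||" alternative can resolve to, or null when
// it is not a plain numeric range (git URL, dist-tag, pre-release).
function lowestMajor(alternative) {
  const text = alternative.trim()
    .replace(/\s+-\s+\S+$/, '')                   // hyphen range: keep the lower bound
    .replace(/(\^|~>|~|>=|<=|>|<|=)\s+/g, '$1');  // ">= 2.0.0" -> ">=2.0.0"
  if (text === '' || text === '*') return 0;
  let lower = 0;
  for (const comp of text.split(/\s+/)) {
    const m = COMPARATOR.exec(comp);
    if (!m) return null;
    const [, op = '', major, minor] = m;
    if (op.startsWith('<') || !/^\d+$/.test(major)) continue; // sets no lower bound
    const bare = minor === undefined || !/^\d+$/.test(minor);
    lower = Math.max(lower, Number(major) + (op === '>' && bare ? 1 : 0)); // ">1" is >=2.0.0
  }
  return lower;
}

function classify(range) {
  const lows = range.split('||').map(lowestMajor);
  if (lows.includes(null)) return 'unverifiable';
  return Math.min(...lows) < FIXED_MAJOR ? 'admits-vulnerable' : 'ok';
}

function checkEcstatic(pkgJsonText) {
  const pkg = JSON.parse(pkgJsonText);
  const findings = [];
  for (const section of SECTIONS) {
    const range = (pkg[section] || {}).ecstatic;
    if (typeof range === 'string') findings.push({ section, range, status: classify(range) });
  }
  return findings;
}

// Constructed sample manifest, not the real biojs/sniper package.json.
const SAMPLE = JSON.stringify({
  name: 'constructed-example',
  dependencies: { ecstatic: '^1.4.0' },
  devDependencies: { ecstatic: '~2.0.0' },
});
console.log(checkEcstatic(SAMPLE));
```

This inspects only the declared range; `npm ls ecstatic` shows which version is actually installed.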

WVik commented Jan 15, 2018

@wilzbach Hello! I was working on this issue but I'm stuck. I partly understand how the CLI works. To get an idea of how sniper works, I locally tried playing around with this repo: https://github.com/wilzbach/msa
Will I have to create my own snippet and render it after changing package.json to test whether everything is working fine or not?
