Resolving security vulnerabilities in dependent packages #9

Closed
lirantal opened this issue Apr 21, 2019 · 1 comment · Fixed by #13

Comments

@lirantal
Contributor

Really nice work on this project David! Congrats 🎉

What you did:

  • I forked the repository
  • Connected it with snyk.io
  • Observed the security scan results

What happened:

Great stuff here:

  • Dockerfile uses alpine ✅
  • Server-side code doesn't use any packages with known vulnerabilities ✅

However, I found several vulnerabilities in the frontend-related code:

image

Problem description:

When cloning the project for personal use, Snyk alerts me of security vulnerabilities.

Suggested solution:

Some of the security vulnerabilities reported on dependent packages can be resolved by using newer versions of them (so an update to the lockfile is needed).

@boyney123
Owner

Thanks @lirantal 🙇

I have attempted to fix it in #13, would be great if you could review it?
