Skip to content

/ sync

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update deps with `npm audit fix` #282

Merged
merged 1 commit into from Feb 19, 2019
Merged

Update deps with `npm audit fix` #282

merged 1 commit into from Feb 19, 2019

Conversation

@bsclifton
Copy link
Member

bsclifton commented Feb 15, 2019

Resolves this warning (found via npm audit):

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ istanbul [dev]                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
  1 Update deps with `npm audit fix`
│ Path          │ istanbul > handlebars                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/755                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
@bsclifton bsclifton self-assigned this Feb 15, 2019
@bsclifton bsclifton requested review from SergeyZhukovsky and darkdh Feb 15, 2019
@SergeyZhukovsky
SergeyZhukovsky reviewed Feb 15, 2019
View changes
Copy link
Member

SergeyZhukovsky left a comment

++ But we need the same fix in staging branch. We use diff branches for production and for staging.
@SergeyZhukovsky
Copy link
Member

SergeyZhukovsky commented Feb 15, 2019

travis is failing as well!
@darkdh
darkdh requested changes Feb 15, 2019
View changes
Copy link
Member

darkdh left a comment

please do not submit PR directly into master
Current branch:
staging branch(staging)
master branch(production)

You will have to submit PR to staging first and then after it is merged you use merge commit to open PR against master.
@bsclifton
Update deps with `npm audit fix`
Verified
This commit was signed with a verified signature.
bsclifton Brian Clifton
GPG key ID: 50ED18CA5C4C0F73 Learn about signing commits
Loading status checks…
39d7307
@bsclifton bsclifton force-pushed the sync-fix-deps branch from df2db70 to 39d7307 Feb 18, 2019
@bsclifton bsclifton changed the base branch from master to staging Feb 18, 2019
@bsclifton
Copy link
Member Author

bsclifton commented Feb 18, 2019

@darkdh OK great - updated 👍
@darkdh
darkdh approved these changes Feb 18, 2019
View changes
@SergeyZhukovsky
SergeyZhukovsky approved these changes Feb 19, 2019
View changes
Copy link
Member

SergeyZhukovsky left a comment

++
@bsclifton bsclifton merged commit 3fae96b into staging Feb 19, 2019
1 check passed
1 check passed
continuous-integration/travis-ci/push The Travis CI build passed
Details
@bsclifton bsclifton deleted the sync-fix-deps branch Feb 19, 2019
bsclifton added a commit that referenced this pull request Feb 19, 2019
@bsclifton
Merge pull request #282 from brave/sync-fix-deps
Verified
This commit was signed with a verified signature.
bsclifton Brian Clifton
GPG key ID: 50ED18CA5C4C0F73 Learn about signing commits
Loading status checks…
af90efc 
Update deps with `npm audit fix`
@bsclifton bsclifton mentioned this pull request Feb 19, 2019
Merged
@bsclifton
Copy link
Member Author

bsclifton commented Feb 19, 2019

@darkdh per your comment above- I merged and then cherry-picked the merge commit into a branch based on master. Here's the PR:
#283
bsclifton added a commit that referenced this pull request Feb 19, 2019
@bsclifton
Merge pull request #283 from brave/sync-fix-deps-master
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
a8b5938 
Merge pull request #282 from brave/sync-fix-deps
@bsclifton bsclifton mentioned this pull request Feb 19, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darkdh darkdh

@SergeyZhukovsky SergeyZhukovsky

Assignees

@bsclifton bsclifton

Labels
None yet
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
@bsclifton @SergeyZhukovsky @darkdh
You can’t perform that action at this time.