This repository has been archived by the owner on Jan 24, 2023. It is now read-only.

Fix npm audit vulnerabilities #3899

Merged
merged 2 commits into from Oct 7, 2019


richard-cox
Contributor

- result of `npm audit fix` and manually removing `stratos-merge-dirs`
@cfdreddbot

✅ Hey richard-cox! The commit authors and yourself have already signed the CLA.

@codecov

codecov bot commented Sep 20, 2019

Codecov Report

Merging #3899 into v2-master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           v2-master    #3899   +/-   ##
==========================================
  Coverage      52.21%   52.21%           
==========================================
  Files            785      785           
  Lines          23017    23017           
  Branches        4124     4124           
==========================================
  Hits           12019    12019           
  Misses         10998    10998

@KlapTrap
Contributor

We should park this until we upgrade to Angular 8. The issue might come out in the wash.

@KlapTrap added the `on hold` label ("This PR isn't finished and isn't actively being worked on, but will be in the near future.") and removed the `ready for review` label on Sep 30, 2019
@KlapTrap
Contributor

Angular upgrade #3920

@richard-cox
Contributor Author

@KlapTrap This was raised as a concern by the community. Is there any reason why this shouldn't be merged other than waiting for Angular 8?

@nwmac
Contributor

nwmac commented Oct 3, 2019

@richard-cox @KlapTrap I think we should get this in - but I don't understand the changes to the package lock file.

Many dependencies have changed from being explicitly pinned, e.g. "1.9.3" to "^1.9.3" - it would be good to understand why, so we don't have this flip-flopping with PRs.
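
The comment above concerns lockfile entries moving from an exact pin ("1.9.3") to a caret range ("^1.9.3"). As an added example (not part of this PR or the Stratos code base), the Node.js script below compares two parsed `package-lock.json` files and lists every `requires` specifier that flipped between pin and range. It assumes the lockfileVersion 1 layout and that the change shows up in the `requires` maps; the package names in the sample data are constructed.

```javascript
// Added example: list `requires` specifiers that flipped between an exact pin
// and a semver range when package-lock.json was regenerated.
// Assumption: lockfileVersion 1 layout (nested "dependencies" / "requires").

// "1.9.3" is an exact pin; "^1.9.3", "~1.9.3", ">=1.0.0", "1.x" are ranges.
const isExact = (spec) => /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec);

// Flatten every "requires" entry into a Map keyed by its location in the tree.
function collectRequires(node, prefix = '', out = new Map()) {
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const path = prefix ? `${prefix} > ${name}` : name;
    for (const [dep, spec] of Object.entries(entry.requires || {})) {
      out.set(`${path} requires ${dep}`, spec);
    }
    collectRequires(entry, path, out); // nested node_modules entries
  }
  return out;
}

// Report only pin<->range flips; a range-to-range bump is an ordinary update.
function pinChanges(oldLock, newLock) {
  const before = collectRequires(oldLock);
  const changes = [];
  for (const [key, spec] of collectRequires(newLock)) {
    const prev = before.get(key);
    if (prev === undefined || prev === spec) continue;
    if (isExact(prev) !== isExact(spec)) {
      const kind = isExact(prev) ? 'pin->range' : 'range->pin';
      changes.push({ key, from: prev, to: spec, kind });
    }
  }
  return changes;
}

// Constructed sample data; the package names are hypothetical.
const oldLock = { lockfileVersion: 1, dependencies: {
  'pkg-a': { version: '2.4.2', requires: { 'dep-x': '1.9.3', 'dep-y': '5.5.0' } },
  'pkg-b': { version: '4.3.0', requires: { 'dep-z': '^4.17.14' },
    dependencies: { 'pkg-c': { version: '2.4.4', requires: { 'dep-w': '1.1.2' } } } },
} };
const newLock = { lockfileVersion: 1, dependencies: {
  'pkg-a': { version: '2.4.2', requires: { 'dep-x': '^1.9.3', 'dep-y': '5.5.0' } },
  'pkg-b': { version: '4.3.0', requires: { 'dep-z': '^4.17.15' },
    dependencies: { 'pkg-c': { version: '2.4.4', requires: { 'dep-w': '~1.1.2' } } } },
} };

for (const c of pinChanges(oldLock, newLock)) {
  console.log(`${c.kind}: ${c.key} ${c.from} -> ${c.to}`);
}
```

To compare a branch against its base, load both versions of `package-lock.json` with `JSON.parse` and pass them to `pinChanges`; an empty result means no specifier changed form.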

@KlapTrap
Contributor

KlapTrap commented Oct 4, 2019

I agree that we should fix this; I was just going to wait for the Angular 8 upgrade. `ng update` will get all of the relevant dependencies to the correct & compatible versions.

Having said that, I've done some of the Angular 8 migration here: #3950, and it's going to take a while to manually migrate some of the code. So, with that in mind, I don't mind this being merged once everyone is happy.

@KlapTrap removed the `on hold` label on Oct 4, 2019
@nwmac merged commit 1d1d93f into v2-master on Oct 7, 2019
@nwmac deleted the fix-npm-audit branch on October 7, 2019 09:40
KlapTrap added a commit that referenced this pull request Oct 9, 2019
* v3-master:
  Fix lint & unit tests
  Fix connect to endpoint subtype
  Ensure we're passing the correct params to action builders.
  Removed console logs
  Ensure endpoint register tiles are ordered correctly
  Start with empty CustomizationsMetadata
  Convert CustomizationsMetadata inject into singleton CustomizationService
  Fix npm audit vulnerabilities (#3899)
  Remove old ingress docs and add new (#3961)
  Helm Chart: Add ingress support (#3935)
  Fix linting
  unit tests: added more tests for components and utils
  Merge pull request #3939 from cloudfoundry-incubator/mysqldb-dev
  Gate SSO redirect on optional state whitelist (#3933)
  Add debug info for manage users e2e tests (#3938)
  Fix metrics issue with multiple k8s endpoints
  Fix non jetstream requests and other, minor fixes.
KlapTrap added a commit that referenced this pull request Oct 17, 2019
* master: (33 commits)
  Master test fixes (#3992)
  Fix npm audit error in dev dependency - handlebars used by istanbul & karma-coverage-istanbul-reporter - weird goings on in stratos (npm audit shows handlebars errors), vanilla angular 7 app (shows no handlebars errors) and vanilla angular 8 app (no handlebars errors). Same istanbul and coverage dependencies in all node_modules directories and same coverage dependency in all apps - In the end fixed via audit's recommendation to `npm update handlebars --depth 4`
  Some unit test fixes
  Update versions links in readme
  Fix v2-master references and goreportcard link
  Trivial change
  Address some todo's, make issues for others
  Remove unused route
  Fix unit test
  Reverted the app wall and removed console.log
  Fix lint & unit tests
  Fix connect to endpoint subtype
  Ensure we're passing the correct params to action builders.
  Removed console logs
  Ensure endpoint register tiles are ordered correctly
  Start with empty CustomizationsMetadata
  Convert CustomizationsMetadata inject into singleton CustomizationService
  Fix npm audit vulnerabilities (#3899)
  Remove old ingress docs and add new (#3961)
  Helm Chart: Add ingress support (#3935)
  ...