Dep. - Update vulnerable dependencies ('AVA', 'json-schema') #98

Closed
5 tasks done
elycruz opened this issue Jul 20, 2022 · 1 comment
Labels: dependencies, enhancement

Comments

elycruz (Owner) commented Jul 20, 2022

We need to upgrade currently vulnerable dependencies in the repo - Latest npm audit shows two vulnerabilities, one critical and another moderate, which should be updated.

Additionally, part of the dependencies upgrade solves an issue with installing the latest version of the plugin on *nix systems (see issue #97).

Acceptance Criteria

Perform required updates:

  • Run npm audit fix on repo.
  • Upgrade 'ava' version to a minimum of 4.3.1.
    • Take a look at the "Breaking Changes" section in the AVA 4 release notes.
    • Fix tests which break after update.
    • Make required changes from (AVA 4) release notes.
@elycruz elycruz self-assigned this Jul 20, 2022
@elycruz elycruz added enhancement dependencies Pull requests that update a dependency file labels Jul 20, 2022
elycruz added a commit that referenced this issue Jul 20, 2022
- Updated 'ava' package version.
elycruz added a commit that referenced this issue Jul 20, 2022
- Added '@ava/typescript' module to package (required by latest version of AVA).
- Updated tests to follow new syntax for 'after' and 'before' methods.
elycruz added a commit that referenced this issue Jul 20, 2022
elycruz added a commit that referenced this issue Jul 20, 2022
… message.

- Ran auto format on 'clean-and-run' script.
elycruz added a commit that referenced this issue Jul 20, 2022
elycruz added a commit that referenced this issue Jul 21, 2022
- Updated 'SassImporterResult' type to match Sass's 'LegacyImporterResult' - We had defined our type because the version of sass the library is using, and sass versions users might be using, did not/may not contain this type (so basically our type was that type but slightly imprecise (we had both 'file?:...' and 'content?:...' as part of the same interface, but actually they need to be separate ones (:-))).
elycruz added a commit that referenced this issue Jul 21, 2022
issue-#97 and #98 - Fix vulnerable dependencies
elycruz added a commit that referenced this issue Jul 21, 2022
elycruz added a commit that referenced this issue Jul 21, 2022
elycruz added a commit that referenced this issue Jul 21, 2022
- Updated package version.
elycruz added a commit that referenced this issue Jul 21, 2022
elycruz (Owner, Author) commented Jul 21, 2022

Issue fixed in #99 - Changes published in release https://github.com/differui/rollup-plugin-sass/releases/tag/1.12.13 .

@elycruz elycruz closed this as completed Jul 21, 2022