Skip to content
This repository has been archived by the owner on May 22, 2024. It is now read-only.

Patch 'devDependencies' #458

Closed
1 task
Tracked by #137
lbeaufort opened this issue Oct 29, 2019 · 0 comments · Fixed by #459
Closed
1 task
Tracked by #137

Patch 'devDependencies' #458

lbeaufort opened this issue Oct 29, 2019 · 0 comments · Fixed by #459
Assignees
@rfultz
Labels
Security: general General security concern or issue
Milestone
Sprint 10.5

Comments

@lbeaufort
Copy link
Member

lbeaufort commented Oct 29, 2019
edited

We should patch 'devDependencies' with flagged vulnerabilities. These most likely not an issue but we should stay on top of them. We can test with GitHub admin interface or Snyk cli.

Completion criteria:

  • Check each of the current 10 vulnerabilities through any one of our security catcher things

Vulnerabilities in GitHub (other tools might be different)

  1. handlebars
  2. lodash.mergewith
  3. underscore.string
  4. is-my-json-valid
  5. js-yaml
  6. tunnel-agent
  7. jquery
  8. extend
  9. cached-path-relative
  10. lodash
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@rfultz rfultz

Labels
Security: general General security concern or issue
Projects
None yet
Milestone
Sprint 10.5
Development

Successfully merging a pull request may close this issue.

Feature/458 upgrade dev dependencies fecgov/fec-eregs
2 participants
@rfultz @lbeaufort