Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix audit vulnerabilities & e2e specs #53

Merged
merged 7 commits into from Sep 4, 2018
Merged

Fix audit vulnerabilities & e2e specs #53

merged 7 commits into from Sep 4, 2018

Conversation

jackkoppa
Copy link
Contributor

@jackkoppa jackkoppa commented Sep 4, 2018
edited

Fixes all critical, high, and moderate importance vulnerabilities reported by npm audit. All major semver package updates were individually tested, running dev, build, and test after each update. The 3 remaining vulnerabilities are low priority, from the favicons-webpack-plugin dev dependency (see open issue). Closes #51.

During update of nightwatch to 1.0.10, recognized that the current e2e spec is copied from the default Vue.js app, and was thus failing. This PR removes the old specs, and adds 3 basic new specs, so that npm run e2e now passes. Ideally, future work can be done on a more full e2e suite. Closes #52.

@jackkoppa
Fix auto-fixable npm vulnerabilities
5d3a6d9 
Using npm audit fix
@jackkoppa
Update nightwatch to 1.0.0 to fix npm vulnerability
df06ba0 
Verified that 'build' and 'unit' commands run
todo: verify that e2e tests still run after installing Selenium prereqs
note: seems likely that e2e tests will fail, given that they still refere to Vue h1 defaults
@jackkoppa
Update chromedriver to work with Selenium & ignore Selenium log
27c85de 
Discovered incompatible version while running 'e2e'
todo: fix broken, original e2e tests, as originally noticed
@jackkoppa
Implement initial, working e2e specs
1557bf7 
Only replace initial 3, default Vue specs
Door is now open to implement more comprehensive e2e suite
@jackkoppa
Update karma dependency to fix npm vulnerability
f3ea09b 
Confirmed 'build' and 'test' (unit & e2e) work correctly
@jackkoppa
Update mocha to fix npm vulnerability
1663444 
Confirm 'dev', 'build', and 'test' (unit & e2e) all work correctly
@jackkoppa
Update remaining npm audit fixable vulnerabilities (sshpk & fill-range)
f014115 
Verify 'dev', 'build', and 'test' (unit & e2e) all still work correctly
todo: examine vulnerabilities requiring manual fixes; all dependencies of favicons-webpack-plugin
@vilsbole vilsbole merged commit c1a7e76 into gothinkster:master Sep 4, 2018
@jackkoppa jackkoppa deleted the jackkoppa-audit-fixes branch September 4, 2018 11:51
chapitak pushed a commit to chapitak/vue-realworld-example-app that referenced this pull request Nov 22, 2022
@vilsbole
Fix audit vulnerabilities & e2e specs - PR gothinkster#53 from jackko…
f2c5a2a 
…ppa/jackkoppa-audit-fixes

Fix audit vulnerabilities & e2e specs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jackkoppa @vilsbole