
Bump dev-dependency "tree-kill" #6629

Merged
merged 1 commit into from Jan 10, 2020

Conversation

@warpech (Member) commented Jan 10, 2020

Context

An outdated dev-dependency tree-kill is causing builds to fail because of a high vulnerability reported by npm audit. This is fixable by running npm audit fix.

Link to the failing build: https://app.codeship.com/projects/26649/builds/45557707?pipeline=0912008e-8a1e-412d-b8e1-eb31a62e86ff

The npm audit report that shows the failure:

                       === npm audit security report ===

# Run  npm update tree-kill --depth 2  to resolve 2 vulnerabilities

  High           Command Injection
  Package        tree-kill
  Dependency of  concurrently [dev]
  Path           concurrently > tree-kill
  More info      https://npmjs.com/advisories/1432

  High           Command Injection
  Package        tree-kill
  Dependency of  tree-kill [dev]
  Path           tree-kill
  More info      https://npmjs.com/advisories/1432

found 2 high severity vulnerabilities in 1773604 scanned packages
  run `npm audit fix` to fix 2 of them.

How has this been tested?

All automated tests pass after this change.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature or improvement (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Additional language file or change to the existing one (translations)

Related issue(s):

Checklist:

  • My code follows the code style of this project,
  • My change requires a change to the documentation.
because it was reported by npm audit
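The build in this PR failed because the CI step treats a "high" finding from npm audit as blocking, even when the vulnerable package is only reachable through dev dependencies. The following is an added example, not code from the Handsontable repository or from the PR author: a small gate that reads the JSON form of an npm 6 audit report and returns the findings at or above a severity threshold, so a pipeline can decide explicitly whether dev-only findings should fail the build. It assumes the npm 6 `npm audit --json` layout (advisories keyed by id, each carrying severity, module_name, title, url and a findings[] array whose entries have paths[] and a dev flag); the sample report embedded below is constructed to mirror the text report quoted above and is not real npm output.

```javascript
// Added example (not from the Handsontable project): a CI gate over an npm 6
// audit report. Assumption: the report shape follows `npm audit --json` as
// produced by npm 6; SAMPLE_REPORT below is constructed, not captured output.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample mirroring the two findings in the PR description:
// advisory 1432 (tree-kill, high) reached via "concurrently>tree-kill" and
// directly via "tree-kill", both only in dev dependencies.
const SAMPLE_REPORT = {
  advisories: {
    "1432": {
      id: 1432,
      module_name: "tree-kill",
      severity: "high",
      title: "Command Injection",
      url: "https://npmjs.com/advisories/1432",
      findings: [
        { paths: ["concurrently>tree-kill", "tree-kill"], dev: true },
      ],
    },
  },
  metadata: {
    vulnerabilities: { info: 0, low: 0, moderate: 0, high: 2, critical: 0 },
  },
};

// Flatten the report into one record per (advisory, dependency path) and keep
// the records whose severity is at or above `threshold`. `includeDev` controls
// whether findings that exist only in dev dependencies count as blocking
// (the build in this PR treated them as blocking).
function findingsAtOrAbove(report, threshold = "high", includeDev = true) {
  const minRank = SEVERITY_RANK[threshold];
  if (minRank === undefined) throw new Error(`unknown severity: ${threshold}`);
  const out = [];
  for (const adv of Object.values(report.advisories || {})) {
    const rank = SEVERITY_RANK[adv.severity];
    if (rank === undefined || rank < minRank) continue;
    for (const finding of adv.findings || []) {
      if (finding.dev && !includeDev) continue;
      for (const path of finding.paths || []) {
        out.push({
          id: adv.id,
          module: adv.module_name,
          severity: adv.severity,
          title: adv.title,
          path,
          dev: Boolean(finding.dev),
          url: adv.url,
        });
      }
    }
  }
  return out;
}

// Exit status a CI step would return: 0 when nothing blocks, 1 otherwise.
function auditExitCode(report, threshold = "high", includeDev = true) {
  return findingsAtOrAbove(report, threshold, includeDev).length === 0 ? 0 : 1;
}

// Render the blocking findings as one line each, similar to the text report.
function formatFindings(findings) {
  return findings.map(
    (f) =>
      `${f.severity.toUpperCase()} ${f.module} (${f.title}) via ${f.path}` +
      `${f.dev ? " [dev]" : ""} ${f.url}`
  );
}

// Stand-alone run over the constructed sample.
const blocking = findingsAtOrAbove(SAMPLE_REPORT);
for (const line of formatFindings(blocking)) console.log(line);
console.log(`found ${blocking.length} blocking finding(s), exit code ${auditExitCode(SAMPLE_REPORT)}`);
console.log(`dev findings ignored: exit code ${auditExitCode(SAMPLE_REPORT, "high", false)}`);
```

With a real report the gate would be fed from `npm audit --json` and the exit code wired into the pipeline step; the `includeDev` switch makes the policy decision visible instead of leaving it implicit in whatever `npm audit` prints.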
@warpech warpech changed the base branch from master to develop Jan 10, 2020
@warpech (Member, Author) commented Jan 10, 2020

Merging without a review, to fix CI on other branches started from develop.

@warpech warpech marked this pull request as ready for review Jan 10, 2020
@warpech warpech merged commit 4c0bdb0 into develop Jan 10, 2020
2 checks passed
continuous-integration/codeship: Build succeeded
security/snyk - package.json (krzysztofspilka): No new issues
@warpech warpech deleted the bump-dev-dependency-tree-kill branch Jan 10, 2020
jansiegel added a commit that referenced this pull request Feb 3, 2020
because it was reported by npm audit
@aninde commented Feb 6, 2020

EDIT: Testing release 7.4.0: there are no 'npm audit' errors on the develop and release/7.4.0 branches after building Handsontable.
