Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JS] Audit updates #5119

Merged
merged 1 commit into from
Dec 1, 2020
Merged

[JS] Audit updates #5119

merged 1 commit into from
Dec 1, 2020

Conversation

paulcam206
Copy link
Member

@paulcam206 paulcam206 commented Nov 30, 2020
edited by ghost

Description

Updates to package dependency versions for security reasons. Also introduce new auditing tool to make handling auditing easier (since lerna still doesn't have integrated audit support, and breaks npm audit due to how it links together monorepo packages).

From sources/nodejs you can now issue npm run audit-all, which will do the equivalent of an npm audit fix for each project.

One small tweak -- moving to a newer version of hexo meant that the external_links: true directive in source/nodejs/adaptivecards-site/_config.yml is deprecated:

adaptivecards-site: WARN  Deprecated config detected: "external_link" with a Boolean value is deprecated. See https://hexo.io/docs/configuration for more details.

The fix was easy enough as seen in the diff.

How Verified

  • local build/run w/ sanity check
Microsoft Reviewers: Open in CodeFlow

@paulcam206 paulcam206 added Platform-JavaScript Bugs or features related to the JavaScript renderer Security Issues pertaining to a security vulnerability labels Nov 30, 2020
@ghost
Copy link

ghost commented Nov 30, 2020

Hi @paulcam206. Thanks for helping make the AdaptiveCards JS renderer + tooling better. As additional verification, once the JS build succeeds, please go to the test site to test out your website/designer changes.

@paulcam206 paulcam206 merged commit 29ac75e into main Dec 1, 2020
@paulcam206 paulcam206 deleted the paulcam/cg-nodejs-audits branch December 1, 2020 00:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dclaux dclaux dclaux approved these changes

@matthidinger matthidinger Awaiting requested review from matthidinger

@shalinijoshi19 shalinijoshi19 Awaiting requested review from shalinijoshi19

Assignees
No one assigned
Labels
Platform-JavaScript Bugs or features related to the JavaScript renderer Security Issues pertaining to a security vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@paulcam206 @dclaux