Skip to content

update packages #511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

update packages #511

wants to merge 1 commit into from

Conversation

@thomseddon
Copy link
Member

@thomseddon thomseddon commented Aug 3, 2018

Github alerted me to a vulnerability in the growl library (used by mocha) so I've taken the opportunity to update all packages.

Will leave this here for a short amount of time before merging, all test are passing but let me know if you see any problems

This was referenced Aug 3, 2018
Closed
Merged
@thomseddon thomseddon added this to the 3.1.0 milestone Aug 3, 2018
compwright
compwright reviewed Aug 3, 2018
View reviewed changes
Copy link

@compwright compwright left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are a few updates that could still be done, and jshint needs to be replaced with eslint to eliminate all security vulnerabilities (see output of npm audit).

package.json
"type-is": "^1.6.15"
},
"devDependencies": {
"jshint": "2.9.4",
Copy link

@compwright compwright Aug 3, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will still cause security warnings from npm audit. jshint has old dependencies and hasn't released a version in a while - it's probably not maintained anymore. I recommend replacing with eslint.

package.json
"type-is": "1.6.15"
"basic-auth": "^2.0.0",
"bluebird": "^3.5.0",
"lodash": "^4.17.4",
Copy link

@compwright compwright Aug 3, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a later version available - maybe bump to 4.18?

package.json
"bluebird": "^3.5.0",
"lodash": "^4.17.4",
"promisify-any": "^2.0.1",
"statuses": "^1.3.1",
Copy link

@compwright compwright Aug 3, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my testing this could go to 1.5 without issue.

@thomseddon
Copy link
Member Author

thomseddon commented Aug 3, 2018

Working on #508 in preference

@thomseddon thomseddon closed this Aug 3, 2018
@thomseddon thomseddon mentioned this pull request Aug 17, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@compwright compwright compwright left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

3.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@thomseddon @compwright