New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependencies #83

Merged
merged 1 commit into from Aug 9, 2018

Conversation

Projects
None yet
3 participants
@oncletom
Owner

oncletom commented Mar 13, 2018

Minor updates for commander and tape
Major updates for node-rsa and es6-promise

deploy:
provider: npm
email: hi@oncletom.io
api_key:
secure: UdhueW/+siuza1tueKlmLfyCxeqXB2Si53mDjz56ZXnW2rDdmBZuzHYE7IFn1u2Le2v+Eu+grGF7v9iGgEuIxMIa0JR+3Q55mZnMKHl+29fkaydq1hJgJH9wIXRu+1wistlnviK+N6fM5zt/H5taVXVV0yO/aAGgOwaFVqb1yrk=
api_key: "$NPM_TOKEN"

This comment has been minimized.

@PavelVanecek

PavelVanecek Mar 13, 2018

Collaborator

Where is the $NPM_TOKEN stored and passed? In travis configuration somewhere?

@PavelVanecek

PavelVanecek Mar 13, 2018

Collaborator

Where is the $NPM_TOKEN stored and passed? In travis configuration somewhere?

This comment has been minimized.

@oncletom

oncletom Aug 9, 2018

Owner

@PavelVanecek yes exactly, instead of being encrypted in the configuration file itself.

@oncletom

oncletom Aug 9, 2018

Owner

@PavelVanecek yes exactly, instead of being encrypted in the configuration file itself.

@whyisjake

This comment has been minimized.

Show comment
Hide comment
@whyisjake

whyisjake Aug 8, 2018

FYI, there is a security vulnerability in node-rsa that would be great to get patched.

                                                                                
                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ crx [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ crx > node-rsa > lodash                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

whyisjake commented Aug 8, 2018

FYI, there is a security vulnerability in node-rsa that would be great to get patched.

                                                                                
                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ crx [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ crx > node-rsa > lodash                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

@oncletom oncletom merged commit 20df2e1 into master Aug 9, 2018

5 checks passed

continuous-integration/appveyor/branch AppVeyor build succeeded
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
security/snyk - package.json No new issues
Details

@oncletom oncletom deleted the feature/update-deps branch Aug 9, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment