Skip to content
This repository was archived by the owner on Sep 3, 2022. It is now read-only.

Fix high vulns #199

Merged
merged 1 commit into from
Sep 11, 2020
Merged

Fix high vulns #199

merged 1 commit into from
Sep 11, 2020

Conversation

bryanmikaelian
Copy link
Contributor

@bryanmikaelian bryanmikaelian commented Sep 11, 2020
edited
Loading

Description

This PR addresses some dependencies with high vulnerabilities. The packages in question are:

  • bl
  • dot-prop
  • elliptic
  • js-yaml
  • cached-path-relative
  1. bl is a dependency of puppeteer, which we can just update
  2. dot-prop is related to snyk, which can just update
  3. elliptic is related to browserify, which we can just update
  4. js-yaml is related to eslint, which we can just update
  5. cached-path-relative is related to browserify, which we can just update

I also updated node-fetch (by mistake, heh).

Test plan

Testing completed successfully using unit tests.

Release plan

New version is not required because it's a dev-only change.

Checklist

  • Thorough explanation of the issue/solution, and a link to the related issue
  • CI tests are passing
  • Unit tests were written for any new code
  • Code coverage is at least maintained, or increased.

@bryanmikaelian bryanmikaelian requested a review from a team September 11, 2020 17:20
@bryanmikaelian bryanmikaelian merged commit f46d6ab into master Sep 11, 2020
@bryanmikaelian bryanmikaelian deleted the bryan/high-vulns branch September 11, 2020 17:35
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@juliofarah juliofarah juliofarah approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bryanmikaelian @juliofarah