Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the vulnerable dependency #1

Merged
merged 2 commits into from
May 30, 2019
Merged

Update the vulnerable dependency #1

merged 2 commits into from
May 30, 2019

Conversation

github-learning-lab[bot]
Copy link

Update the dependency

Next, we'll go through the GitHub Flow to make some changes. If you aren't sure how to do this, try the Introduction to GitHub course and then come back to give it another try.

Note: Before doing this with real world code, make sure that the upgraded package works with your code. Good unit tests and CI (continuous integration) will help you update with confidence.

Step 4: Updating dependency versions

Now that you know the recommended version, it's time to edit the package.json file. You'll upgrade the package to a non-vulnerable version.

⌨️ Activity: Update the package.json file

  1. Within this pull request, go to Files changed.
  2. Click the ellipsis (...) in the right upper corner and click Edit file to edit the package.json file.
  3. Fix the vulnerability by updating to the latest version of the dependency that you took note of earlier.
  4. Scroll down, and commit your change.

@github-learning-lab github-learning-lab bot mentioned this pull request May 30, 2019
Closed
@github-learning-lab
Copy link
Author

Step 3: Merge this pull request

Great job, @sseacrest, your pull request looks good. Thank you for fixing the vulnerable dependency!

Note: You might notice that this repository has a package.json file, but no package-lock.json file. We are doing all parts of this activity on GitHub.com. If you work with other repositories, you might notice some differences. Regardless of what dependency files you use, the main concepts of this course still apply.

⌨️ Activity: Merge

  1. Merge this pull request.

@sseacrest sseacrest merged commit 95b0b05 into master May 30, 2019
@github-learning-lab
Copy link
Author

Nice job merging @sseacrest. Go ahead and delete the branch.

Let's learn about .gitignore files in the next pull request.

@delete-merged-branch delete-merged-branch bot deleted the update-dependency branch May 30, 2019 11:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@sseacrest