Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix security vulnerabilities #620

Merged
merged 13 commits into from Mar 29, 2021
Merged

fix security vulnerabilities #620

merged 13 commits into from Mar 29, 2021

Conversation

pyu10055
Copy link
Collaborator

@pyu10055 pyu10055 commented Mar 26, 2021
edited by nsthorat

This change is Reviewable

@pyu10055 pyu10055 requested a review from lina128 March 26, 2021 07:19
@google-cla google-cla bot added the cla: yes label Mar 26, 2021
lina128
lina128 reviewed Mar 26, 2021
View reviewed changes
Copy link
Collaborator

@lina128 lina128 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 1 approvals obtained (waiting on @pyu10055)

facemesh/package.json, line 16 at r1 (raw file):

  },
  "peerDependencies": {
    "@tensorflow/tfjs-converter": "^3.3.0",

This package is deprecated, should we just delete it?

handpose/demo/package.json, line 12 at r1 (raw file):

  },
  "dependencies": {
    "@tensorflow-models/handpose": "0.0.7",

Why not use file:../dist?

pyu10055
pyu10055 commented Mar 26, 2021
View reviewed changes
Copy link
Collaborator Author

@pyu10055 pyu10055 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 1 approvals obtained (waiting on @lina128)

facemesh/package.json, line 16 at r1 (raw file):

Previously, lina128 (Na Li) wrote…

This package is deprecated, should we just delete it?

We can delete the package in a separate PR, just try to eliminate sec warning.

handpose/demo/package.json, line 12 at r1 (raw file):

Previously, lina128 (Na Li) wrote…

Why not use file:../dist?

I have changed some of this links since it is not compatible with npm audit fix command. I will revert them back.

lina128
lina128 approved these changes Mar 29, 2021
View reviewed changes
Copy link
Collaborator

@lina128 lina128 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you Ping!

Reviewable status: :shipit: complete! 1 of 1 approvals obtained (waiting on @lina128 and @pyu10055)

update_yarn_lock.sh, line 1 at r2 (raw file):

update() {

Does it need a license head?

pyu10055
pyu10055 commented Mar 29, 2021
View reviewed changes
Copy link
Collaborator Author

@pyu10055 pyu10055 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 1 of 1 approvals obtained (waiting on @lina128)

update_yarn_lock.sh, line 1 at r2 (raw file):

Previously, lina128 (Na Li) wrote…

Does it need a license head?

added thanks

@pyu10055 pyu10055 merged commit 048e44d into master Mar 29, 2021
@pyu10055 pyu10055 deleted the sec_fix branch March 29, 2021 17:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lina128 lina128 lina128 approved these changes

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
2 participants
@pyu10055 @lina128