Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update devDependencies and gems. #27981

Merged
merged 1 commit into from Jan 7, 2019
Merged

Update devDependencies and gems. #27981

merged 1 commit into from Jan 7, 2019

Conversation

XhmikosR
Copy link
Member

@XhmikosR XhmikosR commented Jan 5, 2019

No description provided.

@XhmikosR XhmikosR requested a review from Johann-S January 5, 2019 10:06
@XhmikosR XhmikosR added this to Inbox in v4.3 via automation Jan 5, 2019
@XhmikosR XhmikosR force-pushed the v4-dev-xmr-deps branch 3 times, most recently from 57cf650 to 2278c56 Compare January 6, 2019 15:31
@XhmikosR XhmikosR moved this from Inbox to Ready to merge in v4.3 Jan 7, 2019
@XhmikosR
Copy link
Member Author

XhmikosR commented Jan 7, 2019

Finally down to 3 vulnerabilities, which unfortunately, I doubt they will be fixed anytime soon.

C:\Users\xmr\Desktop\bootstrap>npm audit

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  High            Regular Expression Denial of Service

  Package         string

  Patched in      No patch available

  Dependency of   broken-link-checker [dev]

  Path            broken-link-checker > bhttp > string

  More info       https://nodesecurity.io/advisories/536


  Low             Prototype Pollution

  Package         lodash

  Patched in      >=4.17.5

  Dependency of   broken-link-checker [dev]

  Path            broken-link-checker > bhttp > form-data2 > lodash

  More info       https://nodesecurity.io/advisories/577


  Low             Prototype Pollution

  Package         lodash

  Patched in      >=4.17.5

  Dependency of   broken-link-checker [dev]

  Path            broken-link-checker > bhttp > lodash

  More info       https://nodesecurity.io/advisories/577

found 3 vulnerabilities (2 low, 1 high) in 15736 scanned packages
  3 vulnerabilities require manual review. See the full report for details.

@XhmikosR XhmikosR merged commit cdece35 into v4-dev Jan 7, 2019
v4.3 automation moved this from Ready to merge to Shipped Jan 7, 2019
@XhmikosR XhmikosR deleted the v4-dev-xmr-deps branch January 7, 2019 16:57
@mdo mdo mentioned this pull request Jan 7, 2019
Closed
MartijnCuppens pushed a commit that referenced this pull request Jan 12, 2019
@XhmikosR @MartijnCuppens
Update devDependencies and gems. (#27981)
67c6326
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdo mdo mdo approved these changes

@Johann-S Johann-S Johann-S approved these changes

Assignees
No one assigned
Labels
build v4
Projects
No open projects
v4.3
  
Shipped
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@XhmikosR @mdo @Johann-S