Skip to content
This repository has been archived by the owner on Dec 8, 2022. It is now read-only.

Issue 365 npm audit fix #367

Merged
merged 3 commits into from
Dec 6, 2021
Merged

Issue 365 npm audit fix #367

merged 3 commits into from
Dec 6, 2021

Conversation

akuma1
Copy link
Collaborator

@akuma1 akuma1 commented Dec 2, 2021
edited
Loading

Resolves: #365

PR Safety Checklist:

  • Added the task to the appropriate release doc under Enhancements or Bug Fixes
  • Bump package.json & package-lock.json version numbers to appropriate release
  • (optional) All external API changes have been documented
  • (optional) Build docs: npm run docs

Quick Description of Changes (+ screenshots for ui changes):

gabe647
gabe647 approved these changes Dec 2, 2021
View reviewed changes
Copy link
Collaborator

@gabe647 gabe647 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

stazrad
stazrad reviewed Dec 6, 2021
View reviewed changes
package.json
@@ -151,24 +150,24 @@
"@babel/preset-react": "~7.7.0",
"@babel/runtime": "~7.7.2",
"@hot-loader/react-dom": "~16.13.0",
"@testing-library/dom": "~7.0.4",
"@seneca/vorpal": "^2.1.1",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why the new vorpal dep here?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

original Vorpal dependency was last published to npm 5 years back and that has many security vulnerabilities including a critical security vulnerability. This forked version of Vorpal addresses those security vulnerabilities. Our long term plan is to completely re-write our cli to use some modern cli library like @boost/cli.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👌

@akuma1 akuma1 merged commit af1f005 into master Dec 6, 2021
@akuma1 akuma1 deleted the Issue-365-npm-audit-fix branch December 6, 2021 18:30
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@stazrad stazrad stazrad approved these changes

@gabe647 gabe647 gabe647 approved these changes

@chrisreams91 chrisreams91 Awaiting requested review from chrisreams91

@DAndrews99 DAndrews99 Awaiting requested review from DAndrews99 DAndrews99 is a code owner

@drodenberg drodenberg Awaiting requested review from drodenberg

@introvertedspud introvertedspud Awaiting requested review from introvertedspud

@PatchesMaps PatchesMaps Awaiting requested review from PatchesMaps

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix npm audit security vulnerabilities
3 participants
@akuma1 @gabe647 @stazrad