fix(deps): remove high severity vulnerability and add extra travis ch…

…eck on PRS The only exception is `webpack-svgstore-plugin` that still points to some older package versions with `low` severity vulnerabilities and apparently the repo is not active that [the actual fix](mrsum/webpack-svgstore-plugin#172) could be merged. Because of that I'm limiting the scope to just `high` severity issues. Note: I decided to include `audit-ci` because `yarn` does not provide (yet) a way to filter violations by severity level.
erickwilder · Mar 20, 2019 · 4e0edc9 · 4e0edc9
1 parent 93ceec1
commit 4e0edc9
Show file tree

Hide file tree

Showing 3 changed files with 646 additions and 380 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -14,5 +14,6 @@ install:
   - yarn build:packages
 
 script:
+  - yarn audit-ci
   - yarn lint
   - yarn test
diff --git a/package.json b/package.json
@@ -10,7 +10,8 @@
     "build:examples": "node ./node_modules/@babel/node/bin/babel-node.js ./build/examples/build.js --env=production",
     "release": "yarn build:packages && yarn lint && yarn test && lerna publish",
     "lint": "eslint ./packages/**/src/**",
-    "test": "jest"
+    "test": "jest",
+    "audit-ci": "audit-ci --high"
   },
   "postcss": {
     "plugins": {
@@ -31,6 +32,7 @@
     "@babel/preset-env": "^7.3.4",
     "@babel/preset-stage-2": "^7.0.0",
     "@babel/runtime": "^7.3.4",
+    "audit-ci": "^1.4.1",
     "autoprefixer": "^9.4.10",
     "babel-core": "^7.0.0-bridge.0",
     "babel-eslint": "^10.0.1",
@@ -54,7 +56,7 @@
     "http-proxy-middleware": "^0.19.1",
     "http-server": "^0.11.1",
     "imagemin-webpack-plugin": "^2.4.2",
-    "jest": "^24.1.0",
+    "jest": "^24.5.0",
     "lerna": "^3.13.1",
     "mini-css-extract-plugin": "^0.5.0",
     "minimist": "^1.2.0",