Skip to content
This repository has been archived by the owner on Jun 27, 2019. It is now read-only.

Update transitive dependencies, fix vulnerability #25

Closed
wants to merge 3 commits into from
Closed

Update transitive dependencies, fix vulnerability #25

wants to merge 3 commits into from

Conversation

roschaefer
Copy link
Contributor

Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2018-3728

rm yarn.lock
yarn install

There is currently no way to update single transitive dependencies
see: yarnpkg/rfcs#54

@roschaefer
Update transitive dependencies, fix vulnerability
8558a59 
Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2018-3728

`rm yarn.lock`
`yarn install`

There is currently no way to update single transitive dependencies
see: yarnpkg/rfcs#54
@roschaefer
Remove package-lock.json
1228a3f 
The dependency manager of this repository is `yarn` not `npm`, so we
should only keep `yarn.lock` but not `package-lock.json` in order not to
confuse vulnerability scans of Github.
@roschaefer
Remove traces of npm package manager in README
f3ca1a5
@appinteractive
Copy link
Member

We have to check if the new versions still are working. Also the build is failing currently.

@appinteractive
Copy link
Member

As this breaks the build for not known reason, we still wait for a proper resolution on this.

@appinteractive appinteractive added Help-Wanted Extra attention is needed dependencies Automated Updating machanism labels May 11, 2018
@appinteractive
Copy link
Member

Fixed with #63

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Automated Updating machanism Help-Wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@roschaefer @appinteractive