Skip to content

Fix issues with npm security #793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
amacado merged 4 commits into from
Aug 10, 2021
Merged

Fix issues with npm security #793

amacado merged 4 commits into from
Aug 10, 2021

Conversation

@Thomas-Boi
Copy link
Member

@Thomas-Boi Thomas-Boi commented Aug 10, 2021
edited
Loading

Fixes

  • Addressed the security issues that I can. Here's the latest audit
    image
  • The issues that are left can't be fixed by me. The modules listed (yargs and glob-parent) are used by gulp's latest version and there's nothing I can do to upgrade them. Luckily, since the scripts don't accept user inputs, we should never run into any issues as listed by npm audit
  • This also added gulp-footer, which will be used by my upcoming seleniumUpgrade. There's no usage of it yet, I just added the package to see if I need to address any security

Test
Here's the latest script testing the sass modules.
image

Notes
This took a while because it requires the socketio fix and the open-gl fix.
Also, when you accept this PR, rename the commit to "Close #763: Update NPM packages". I want to see if this closes the listed commit automatically when we merge it into master.

@Thomas-Boi Thomas-Boi requested a review from amacado August 10, 2021 00:28
@Thomas-Boi Thomas-Boi added devops Devops/automation related enhancements enhancement dependencies Pull requests that update a dependency file labels Aug 10, 2021
@Thomas-Boi Thomas-Boi requested a review from Panquesito7 August 10, 2021 01:27
Panquesito7
Panquesito7 approved these changes Aug 10, 2021
View reviewed changes
Copy link
Member

@Panquesito7 Panquesito7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know too much about this (better let @amacado review this), but it LGTM. 👍

@amacado amacado merged commit cab25d5 into develop Aug 10, 2021
@amacado amacado deleted the thomas/feature/npmUpgrade branch August 10, 2021 08:51
@amacado
Copy link
Member

amacado commented Aug 10, 2021

Thanks for the update @Thomas-Boi! Very good pull request description! 👍🏻

@Thomas-Boi Thomas-Boi mentioned this pull request Aug 14, 2021
Merged
@amacado amacado mentioned this pull request Aug 14, 2021
Merged
GCHQDeveloper926 pushed a commit to GCHQDeveloper926/devicon that referenced this pull request Dec 20, 2024
@Thomas-Boi
Close devicons#763: Update NPM packages
6a84b2a 
* Fix issues with npm security (devicons#793)
* Updated gulp
* Update sass in gulpfile
* Add gulp-footer
* Change gulp-footer to devDepend
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amacado amacado amacado approved these changes

@Panquesito7 Panquesito7 Panquesito7 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file devops Devops/automation related enhancements enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Thomas-Boi @amacado @Panquesito7