Fix/dependabot alerts #25

Closed
wants to merge 3 commits into from
Contributor

@JAHMCR JAHMCR commented Jul 11, 2022

Closes #22

Executed `npm audit fix` to solve some vulnerabilities

@JAHMCR JAHMCR requested a review from dwosk July 11, 2022 21:54
Member

dwosk commented Jul 13, 2022

I think `npm audit fix` can potentially break things. Better to go through the alerts one by one and see which library it flags. Since many of them are probably flagging nested dependencies (i.e. dependencies of our dependencies), the proper way to fix this would be to update our direct dependencies to newer versions that contain updated versions of those nested libraries.

@dwosk dwosk closed this Jul 13, 2022
@gegles gegles deleted the fix/DependabotAlerts branch March 6, 2023 23:50
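
The alert-by-alert triage suggested in the review comment can be scripted against the JSON that `npm audit --json` emits on npm 7 and later. The following is an added example, not code from this pull request or the project: the sample report, its package names and the helper names `directParents` and `triage` are constructed for illustration.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Package names and advisory titles are made up for illustration.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "deep-lib": { name: "deep-lib", severity: "high", isDirect: false,
      via: [{ title: "Constructed advisory A", severity: "high", range: "<2.0.1" }],
      effects: ["mid-lib"], fixAvailable: true },
    "mid-lib": { name: "mid-lib", severity: "high", isDirect: false,
      via: ["deep-lib"], effects: ["web-framework"], fixAvailable: true },
    "web-framework": { name: "web-framework", severity: "high", isDirect: true,
      via: ["mid-lib"], effects: [],
      fixAvailable: { name: "web-framework", version: "5.0.0", isSemVerMajor: true } },
    "cli-tool": { name: "cli-tool", severity: "moderate", isDirect: true,
      via: [{ title: "Constructed advisory B", severity: "moderate", range: "<1.4.0" }],
      effects: [], fixAvailable: true },
  },
};

// Walk `effects` upward from a flagged package to the direct dependencies
// (isDirect: true) that pull it in. `seen` guards against dependency cycles.
function directParents(vulns, name, seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  seen.add(name);
  const entry = vulns[name];
  const parents = entry.isDirect ? [name] : [];
  for (const dep of entry.effects || []) parents.push(...directParents(vulns, dep, seen));
  return parents;
}

// One row per advisory: the flagged package, the direct dependencies to upgrade,
// and whether any of those upgrades is a semver-major (potentially breaking) change.
function triage(report) {
  const vulns = report.vulnerabilities || {};
  const rows = [];
  for (const [name, entry] of Object.entries(vulns)) {
    // Advisory objects in `via` mark the package that is actually flagged;
    // plain strings only name another vulnerable package further down the tree.
    for (const adv of entry.via.filter((v) => typeof v === "object")) {
      const upgrade = directParents(vulns, name).sort();
      const breaking = upgrade.some((d) => vulns[d].fixAvailable?.isSemVerMajor === true);
      rows.push({ flagged: name, advisory: adv.title, nested: !entry.isDirect, upgrade, breaking });
    }
  }
  return rows;
}

console.log(JSON.stringify(triage(sampleReport), null, 2));
```

Rows with `nested: true` are the dependencies-of-dependencies case, and `breaking: true` marks the upgrades that need a manual review rather than an automatic fix.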
Successfully merging this pull request may close these issues.

Fix Dependabots alerts