Update packages to pass npm audit
#6772
🎉
Why
Yes, something went wrong with the lock file. When I run npm i locally I see tons of changes.
Needs rebase after #6758 got merged 😅
It's interesting that
I've no idea why the lock file was the way it was, b311304 is +/- ~5000 and looks much saner
Yes, all good now, I don't see any local changes after
Description
npm v6 includes a new audit tool, when running npm install currently the following warning is displayed:
After applying the patch here in this PR the warnings are gone:
Notes:
• codecov, webpack, and webpack-cli are version bumps
• node-sass changes from v4.7.2 to v4.7.0, this is due to node-sass > v4.7.1 locking down the request library to ~2.79.0 which includes a vulnerable hoek package, see https://nodesecurity.io/advisories/566. It also uses the v4.7.0 release from GitHub rather than npmjs.com because v4.7.0 is not published to npmjs.com. This issue will not be resolved by node-sass until v5.0.0 is released in a few weeks' time when as part of that release Node.js v4 support will be dropped.
• The latest release of fsevents is added as in optionalDependencies, this allows the version of hoek shipped in webpack to be overridden, it is also beneficial as Travis CI will no longer try to install fsevents which removes another warning, fsevents is a macOS only package, this change should also be made for core, see https://core.trac.wordpress.org/changeset/39368
How has this been tested?
Running npm i
Screenshots
Types of changes
Build tools.
Checklist:
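
Added example, not part of the PR or of the project's code: a Node.js sketch that walks an npm v6 package-lock.json to list every installed copy of a package such as hoek and the packages that require it, which is how the chains described in the notes above can be confirmed. The function names, the sample lockfile and the 2.0.0 threshold are assumptions made for illustration.

```javascript
// npm v6 lockfile (lockfileVersion 1): nested "dependencies" mirror the
// node_modules layout, "requires" holds the ranges each package asks for.
function tracePackage(lock, target) {
  const installed = [];  // every copy of `target` that gets installed
  const requiredBy = []; // every package whose "requires" names `target`
  (function walk(deps, prefix) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = prefix.concat(name).join(' > ');
      if (name === target) installed.push({ path, version: entry.version });
      const range = (entry.requires || {})[target];
      if (range !== undefined) requiredBy.push({ path, range });
      walk(entry.dependencies, prefix.concat(name));
    }
  })(lock.dependencies, []);
  return { installed, requiredBy };
}

// True when plain x.y.z version a is lower than b. Non-numeric versions
// (git URLs, tags) compare as "not lower" and need a manual look.
function lessThan(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Copies of `target` older than `minVersion`; the caller takes minVersion
// from the advisory, it is not hard-coded here.
function copiesBelow(lock, target, minVersion) {
  return tracePackage(lock, target).installed
    .filter((copy) => lessThan(copy.version, minVersion));
}

// Constructed sample: chain shortened, all version numbers are placeholders.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    hoek: { version: '9.9.9' },
    'node-sass': {
      version: '0.0.1',
      requires: { request: '~2.79.0' },
      dependencies: {
        request: { version: '2.79.0', requires: { hoek: '1.x' },
          dependencies: { hoek: { version: '1.0.0' } } },
      },
    },
  },
};
console.log(copiesBelow(sampleLock, 'hoek', '2.0.0'));
```

Run against a real lockfile with `tracePackage(require('./package-lock.json'), 'hoek')`; a copy that stays nested under a dependency after an update shows which parent is still pinning it.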