Skip to content
This repository has been archived by the owner on Jul 31, 2020. It is now read-only.

Update deps with npm audit fix #282

Merged
merged 1 commit into from
Feb 19, 2019
Merged

Update deps with npm audit fix #282

merged 1 commit into from
Feb 19, 2019

Conversation

bsclifton
Copy link
Member

Resolves this warning (found via npm audit):

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ istanbul [dev]                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
  1 Update deps with `npm audit fix`
│ Path          │ istanbul > handlebars                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/755                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

@bsclifton bsclifton self-assigned this Feb 15, 2019
SergeyZhukovsky
SergeyZhukovsky previously approved these changes Feb 15, 2019
View reviewed changes
Copy link
Member

@SergeyZhukovsky SergeyZhukovsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++ But we need the same fix in staging branch. We use diff branches for production and for staging.

@SergeyZhukovsky
Copy link
Member

travis is failing as well!

darkdh
darkdh suggested changes Feb 15, 2019
View reviewed changes
Copy link
Member

@darkdh darkdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please do not submit PR directly into master
Current branch:
staging branch(staging)
master branch(production)

You will have to submit PR to staging first and then after it is merged you use merge commit to open PR against master.

@bsclifton bsclifton changed the base branch from master to staging February 18, 2019 17:45
@bsclifton
Copy link
Member Author

@darkdh OK great - updated 👍

SergeyZhukovsky
SergeyZhukovsky approved these changes Feb 19, 2019
View reviewed changes
Copy link
Member

@SergeyZhukovsky SergeyZhukovsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++

@bsclifton bsclifton merged commit 3fae96b into staging Feb 19, 2019
@bsclifton bsclifton deleted the sync-fix-deps branch February 19, 2019 05:01
bsclifton added a commit that referenced this pull request Feb 19, 2019
@bsclifton
Merge pull request #282 from brave/sync-fix-deps
af90efc 
Update deps with `npm audit fix`
@bsclifton bsclifton mentioned this pull request Feb 19, 2019
Merged
@bsclifton
Copy link
Member Author

@darkdh per your comment above- I merged and then cherry-picked the merge commit into a branch based on master. Here's the PR:
#283

bsclifton added a commit that referenced this pull request Feb 19, 2019
@bsclifton
Merge pull request #283 from brave/sync-fix-deps-master
a8b5938 
Merge pull request #282 from brave/sync-fix-deps
@bsclifton bsclifton mentioned this pull request Feb 19, 2019
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@SergeyZhukovsky SergeyZhukovsky SergeyZhukovsky approved these changes

@darkdh darkdh darkdh approved these changes

Assignees

@bsclifton bsclifton

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bsclifton @SergeyZhukovsky @darkdh