Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update package.json #2996

Merged
merged 1 commit into from
May 21, 2018
Merged

Update package.json #2996

merged 1 commit into from
May 21, 2018

Conversation

john-md86
Copy link
Contributor

Suggestion of repair for problem found through npm audit. Updating this package will probably solve the problem. Procedure suggested by the npm website itself

image

@john-md86
Update package.json
d564665 
Suggestion of repair for problem found through npm audit. Updating this package will probably solve the problem. Procedure suggested by the npm website itself (https://docs.npmjs.com/getting-started/running-a-security-audit).
@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.

What to do if you already signed the CLA

Individual signers
Corporate signers

@john-md86
Copy link
Contributor Author

I signed it!

@googlebot
Copy link

CLAs look good, thanks!

@johnjbarton
Copy link
Contributor

Travis fails with

INVALID COMMIT MSG: does not match "<type>(<scope>): <subject>" !

@johnjbarton johnjbarton merged commit 667b47e into karma-runner:master May 21, 2018
@john-md86 john-md86 deleted the patch-1 branch May 22, 2018 13:39
@ffflabs
Copy link

ffflabs commented May 25, 2018

@johnjbarton
@SantiagoCJ

Unfortunately, log4js has loggly as an optional dependency, which is installed by npm@6 even if you do it with --no-optional.

loggly hasn't been updated in 2 years and has 6 vulnerabilities due to the fact of using outdated version of request and a dependency on timespan that has no patch.

So, even if using the latest log4js version (2.7.0), karma will generate a warning for those 6 vulnerabilities.

I reported this in log4js repo: log4js-node/log4js-node#716

@matthew-white matthew-white mentioned this pull request Jun 8, 2018
Closed
@mradionov mradionov mentioned this pull request Jun 19, 2018
Closed
@Omrisnyk Omrisnyk mentioned this pull request Oct 27, 2023
Open
@Omrisnyk Omrisnyk mentioned this pull request Dec 15, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SantiagoCJ SantiagoCJ SantiagoCJ approved these changes

@johnjbarton johnjbarton johnjbarton approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@john-md86 @googlebot @johnjbarton @ffflabs @SantiagoCJ