Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency vulnerabilities #53

Closed
NetOpWibby opened this issue May 21, 2018 · 5 comments
Closed

Dependency vulnerabilities #53

NetOpWibby opened this issue May 21, 2018 · 5 comments
Assignees
@Krisseck
Milestone
June 6th (lbry.tech)

Comments

@NetOpWibby
Copy link
Contributor

The affected dependencies in question are node-sass and vuepress due to their dependencies. You can view this info yourself by running npm inpm shrinkwrapnpm audit.
@NetOpWibby
Copy link
Contributor Author

Found a fix for node-sass: sass/node-sass#2288 (comment)

@kauffj kauffj added this to the May 30th (lbry.tech) milestone May 23, 2018
@NetOpWibby
Copy link
Contributor Author

Not sure if we want to this paid integration (or something similar) but it may help: https://github.com/marketplace/greenkeeper

@Krisseck
Copy link
Contributor

Fixed the issue with node-sass, but vuepress/string vulnerability is still open, see here: vuejs/vuepress#493

@Krisseck
Copy link
Contributor

Krisseck commented May 25, 2018
edited
Loading

I had to revert the version of node-sass, it broke our build on Heroku.

@NetOpWibby
Copy link
Contributor Author

Figured we'd be at the mercy of maintainers of those packages.

@kauffj kauffj closed this as completed Jun 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Krisseck Krisseck

Labels
None yet
Projects
None yet
Milestone
June 6th (lbry.tech)
Development

No branches or pull requests
3 participants
@Krisseck @kauffj @NetOpWibby