[Dependencies] Update deps to resolve vulns #16

Merged


WeirdAlex03
Collaborator

Proposed changes


Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. If it fixes a bug or resolves a feature request, be sure to link to that issue.

This resolves all vulnerabilities reported by `npm audit`,
including the breaking change to `passport` from `^0.4.1` to `^0.6.0`.
All tests still pass with these updates.

Fixes #15

Types of changes


What types of changes does your code introduce?
Put an x in the boxes that apply

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation Update (if none of the other choices apply)

Checklist


Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. This is simply a reminder of what we are going to look for before merging your code.

  • My changeset covers only what is described above (no extraneous changes)
  • Lint and unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • Any dependent changes have been merged downstream

Further comments


If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

Following this, I believe we should consider something like Dependabot to automatically flag further vulnerabilities. I would be willing to set it up if we're following through with this.

@emilkovacev emilkovacev changed the base branch from master to submissionProblemScore October 12, 2022 21:17
@WeirdAlex03 WeirdAlex03 deleted the WeirdAlex03/issue15 branch October 12, 2022 21:18
@WeirdAlex03 WeirdAlex03 restored the WeirdAlex03/issue15 branch October 12, 2022 21:21
@WeirdAlex03 WeirdAlex03 reopened this Oct 12, 2022
@emilkovacev emilkovacev changed the base branch from submissionProblemScore to master October 12, 2022 21:23
Member

@emilkovacev emilkovacev left a comment

I checked that it removes the highest security dependency vulnerabilities, and it does!

@jessehartloff jessehartloff merged commit cd05c24 into makeopensource:master Oct 12, 2022
@WeirdAlex03 WeirdAlex03 deleted the WeirdAlex03/issue15 branch October 12, 2022 21:52
Development

Successfully merging this pull request may close these issues.

[Dependencies] Update dependencies to resolve vulnerabilities
3 participants