Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

address: http://nodesecurity.io/advisories/566 #177

Merged
merged 1 commit into from
Apr 30, 2018
Merged

address: http://nodesecurity.io/advisories/566 #177

merged 1 commit into from
Apr 30, 2018

Conversation

jgravois
Copy link
Contributor

@jgravois jgravois commented Apr 27, 2018
edited
Loading

note: this vulnerability is contained exclusively within our devDependencies. it doesn't affect lib consumers.

hapijs/hoek#230
request/request#2748

fs-events appears to be a false positive fsevents/fsevents#198 (comment)

in demos/vue

  • "webpack-dev-server": "^3.1.3"

i'll test again after a new gh-release-assets tag lands on npm.

@coveralls
Copy link

coveralls commented Apr 27, 2018
edited
Loading

Coverage Status

Coverage decreased (-0.6%) to 99.428% when pulling 16fd1a7 on chore/bump-hoek into 00d7e8c on master.

@jgravois
Copy link
Contributor Author

jgravois commented Apr 30, 2018
edited
Loading

rebased and confirmed that no lingering dependencies on hoek: <= 4.2.0 remain.

had to tweak a couple istanbul ignore statements to keep coverage @ 💯

i also noticed some duplicate boilerplate in our 'karma.conf.js' related to coverage and removed one set. hopefully this won't break coveralls.

@jgravois jgravois requested a review from noahmulfinger April 30, 2018 18:13
@jgravois
Copy link
Contributor Author

i cannot reproduce the slight dip in coverage coveralls is reporting locally.

noahmulfinger
noahmulfinger approved these changes Apr 30, 2018
View reviewed changes
Copy link
Contributor

@noahmulfinger noahmulfinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jgravois I can't reproduce locally either. This looks good to me!

@noahmulfinger
Copy link
Contributor

@jgravois Also FYI your commit is marked as Unverified for some reason.

@jgravois
chore(security): bump devDependencies to resolve security vulnerability
16fd1a7 
AFFECTS PACKAGES:
@esri/arcgis-rest-auth
@esri/arcgis-rest-demo-vue-with-popup
@jgravois
Copy link
Contributor Author

your commit is marked as Unverified for some reason.

nice catch eagle 👁. no clue what was going on there, but a fresh iTerm session and rebase was all it took to get my commits signed again. ✅

@jgravois jgravois merged commit f407d79 into master Apr 30, 2018
@jgravois jgravois deleted the chore/bump-hoek branch May 1, 2018 15:53
@jgravois jgravois mentioned this pull request May 2, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@noahmulfinger noahmulfinger noahmulfinger approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jgravois @coveralls @noahmulfinger