Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update/npm packages #236

Merged
merged 3 commits into from
Aug 30, 2018
Merged

update/npm packages #236

merged 3 commits into from
Aug 30, 2018

Conversation

j-chimienti
Copy link

@j-chimienti j-chimienti commented Aug 20, 2018
edited
Loading

Before

security-audit-CEW-start.txt

found 53 vulnerabilities (4 low, 38 moderate, 10 high, 1 critical) in 9702 scanned packages
  51 vulnerabilities require semver-major dependency updates.
  2 vulnerabilities require manual review. See the full report for details.

After

security-audit-CEW-final.txt

found 6 vulnerabilities (2 low, 4 high) in 13516 scanned packages
  5 vulnerabilities require semver-major dependency updates.
  1 vulnerability requires manual review. See the full report for details.
Recommendations Action Reason
npm install gulp@4.0.0 nothing breaking changes from 3.9 -> 4 did not update in PR
multiple packages to upgrade lodash nothing did not update in PR info

@j-chimienti
update packages
95fef4d 
changes:

1. npm
1. gulp-less
1.

1. open
1. gulp-util
@j-chimienti
clean
bcf6df3
j-chimienti
j-chimienti commented Aug 20, 2018
View reviewed changes
app/bin/startMEW.js
@@ -1,11 +0,0 @@
#! /usr/bin/env node
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove file as open has critical vulnerability

j-chimienti
j-chimienti commented Aug 20, 2018
View reviewed changes
package.json
"hdkey": "^0.7.1",
"html2js-browserify": "^1.3.0",
"husky": "^0.14.3",
"idna-uts46": "^1.0.1",
"install": "^0.10.1",
"lint-staged": "^7.2.0",
"marked": "^0.3.6",
"open": "0.0.5",
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

open has critical dependency remove

j-chimienti
j-chimienti commented Aug 20, 2018
View reviewed changes
package.json
@@ -53,15 +53,13 @@
"ethereumjs-abi": "^0.6.4",
"ethereumjs-tx": "^1.3.0",
"ethereumjs-util": "^5.1.2",
"gulp-util": "^3.0.8",
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not used in app and has vulnerability

@j-chimienti
update package.json / gulpfile
43b160d 
remove unused packages
add build script
clean gulpfile
@j-chimienti j-chimienti changed the title Fix/npm packages update/npm packages Aug 21, 2018
@Dexaran Dexaran merged commit e1357a7 into EthereumCommonwealth:mercury Aug 30, 2018
@ghost ghost mentioned this pull request Sep 6, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@j-chimienti @Dexaran