-
-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mongodb: use driver 4.7.0 #50
base: master
Are you sure you want to change the base?
Conversation
It would be great to get this merged in. There are Vulnerabilities in this package that can be remediated by this. |
@EricThompson-PeopleReign: I haven't been able to get an answer from the maintainer, so I wouldn't be too hopeful. |
this merge request doesn't attempt to upgrade the version. also we will need to add gitlab actions to the repo now that travis non free. I also don't have an environment with MongoDB right now to do manual testing in case |
@wzrdtales: I am aware of that. I am happy to contribute with the upgrade but the whole CI needs a revamp since it is using an outdated toolchain. |
which toolchain you talk about, if you mean vows, not really worth the effort in time, but feel free to replace it with what the other projects already use, hapi lab. |
I think moving away from vows would be a good idea. It also brings in some vulnerability issues unless it can be upgraded to 0.8.3, but apparently tests break if we do. |
vulnerabilities in dev dependencies don't matter much usually, they don't end up in the end product. Also you will need to learn to distinguish vulnerabilities. As a piece of advice, don't make everything an elephant. We're talking about CVE of type |
Since this project is running on a old mongodb driver version, we should update it.
Will address issue #51