Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(payments): add npm auditing to payments-server dependencies #1896

Merged
merged 2 commits into from
Jul 23, 2019
Merged

chore(payments): add npm auditing to payments-server dependencies #1896

merged 2 commits into from
Jul 23, 2019

Conversation

jaredhirsch
Copy link
Member

Separated into two commits: one readable commit, and one with package-lock.json noise.

First commit: following the advice in the "enable security scanning of 3rd-party libraries and dependencies" checkbox in issue #1128, adds npm dependency auditing to the payments-server npm lint scripts as npm lint:deps. The audit-filter package requires an .npmrc file with a specific JSON format, so added that, too.

The second commit contains package-lock.json changes created by audit-filter automatically updating stale dependencies to eliminate known nsp errors.

@jaredhirsch
chore(payments): add audit-filter to npm lint scripts
6b2c463 
Related to issue mozilla#1128
@jaredhirsch
chore(payments): merge in audit-filter automatic updates
5973039 
* audit-filter claims it removed 17312 vulnerabilities by removing 2 packages
  and updating 4 packages.

Related to issue mozilla#1128
@jaredhirsch jaredhirsch changed the title 1128 audit deps chore(payments): add npm auditing to payments-server dependencies Jul 22, 2019
@meandavejustice
Copy link

Test failed on a 503 pulling down node, prolly to do with the github outages

Step 1/23 : FROM node:12-stretch AS node-builder
12-stretch: Pulling from library/node

error pulling image configuration: received unexpected HTTP status: 503 Service Temporarily Unavailable
Exited with code 1

@ianb ianb mentioned this pull request Jul 22, 2019
Closed
47 tasks
shane-tomlinson
shane-tomlinson approved these changes Jul 23, 2019
View reviewed changes
Copy link
Contributor

@shane-tomlinson shane-tomlinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r+

@meandavejustice meandavejustice merged commit 2aba786 into mozilla:master Jul 23, 2019
@jaredhirsch jaredhirsch mentioned this pull request Aug 16, 2019
Closed
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shane-tomlinson shane-tomlinson shane-tomlinson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jaredhirsch @meandavejustice @shane-tomlinson