Bind all dependencies to latest version #161

Havunen · 2018-05-18T15:13:16Z

NPM v6 has started to report security issues. There is one security issue fixed in latest version of RC. This pull request binds all packages to latest versions where security issue is fixed.

                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ deep-extend                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.5.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ madge [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ madge > rc > deep-extend                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/612                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

[!] 1 vulnerability found - Packages audited: 30308 (30308 dev, 686 optional)
    Severity: 1 Low

All tests seem to pass with updated packages and I also added .idea project files to gitignore

…c => deep-extend library. And added .idea project files to gitignore

pahen · 2018-05-21T12:14:20Z

Thanks! :)

Bind all dependencies to latest version

Bind all dependencies to latest version, It fixes security issue in r…

147d431

…c => deep-extend library. And added .idea project files to gitignore

pahen merged commit fa03312 into pahen:master May 21, 2018

nmeylan pushed a commit to nmeylan/madge that referenced this pull request Jan 7, 2020

Merge pull request pahen#161 from Havunen/master

ac79c34

Bind all dependencies to latest version

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bind all dependencies to latest version #161

Bind all dependencies to latest version #161

Havunen commented May 18, 2018

pahen commented May 21, 2018

Bind all dependencies to latest version #161

Bind all dependencies to latest version #161

Conversation

Havunen commented May 18, 2018

pahen commented May 21, 2018