Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update gulp packages to address vulnerability #3343

Merged
merged 3 commits into from
Dec 4, 2018

Conversation

jsnellbaker
Copy link
Collaborator

@jsnellbaker jsnellbaker commented Nov 30, 2018

Type of change

  • Bugfix
  • Other

Description of change

Fix for #3330

Update some gulp packages that had a vulnerable dependency and replace the gulp-connect with gulp-webserver.

Some context on the replacement:
When we replaced the gulp-connect package with a forked version that had the vulnerability fix - we were seeing errors that the gulp-connect module couldn't be found whenever we run any gulp commands. The npm install showed no errors and the gulp-connect seemed to setup correctly in the node_modules; it was unclear why this wouldn't work. So we opted to find a different package that met the same need.

Copy link
Collaborator

@jaiminpanchal27 jaiminpanchal27 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@jaiminpanchal27 jaiminpanchal27 added LGTM needs 2nd review Core module updates require two approvals from the core team labels Dec 3, 2018
package.json Outdated
"gulp-coveralls": "^0.1.4",
"gulp-eslint": "^4.0.0",
"gulp-footer": "^1.0.5",
"gulp-footer": "github:jsnellbaker/gulp-footer#master",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's fork this into prebid github account so it's not tied to a particular user.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

made the the update.

Copy link
Member

@mkendall07 mkendall07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one small change otherwise LGTM

Copy link
Member

@mkendall07 mkendall07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jaiminpanchal27 jaiminpanchal27 merged commit 5e3f144 into master Dec 4, 2018
loic-talon pushed a commit to onfocusio/Prebid.js that referenced this pull request Dec 19, 2018
* update gulp packages to address vulnerability

* some minor cleanup in the gulpfile tasks

* replace the fork used for gulp-footer
ghost pushed a commit to devunrulymedia/Prebid.js that referenced this pull request Jan 30, 2019
* update gulp packages to address vulnerability

* some minor cleanup in the gulpfile tasks

* replace the fork used for gulp-footer
pedrolopezmrf pushed a commit to Marfeel/Prebid.js that referenced this pull request Mar 18, 2019
* update gulp packages to address vulnerability

* some minor cleanup in the gulpfile tasks

* replace the fork used for gulp-footer
@jsnellbaker jsnellbaker mentioned this pull request Sep 5, 2019
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
LGTM needs 2nd review Core module updates require two approvals from the core team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants