Skip to content
This repository has been archived by the owner on Aug 13, 2023. It is now read-only.

Minimist updates to fix vulnerability #3270

Merged
merged 22 commits into from
Mar 30, 2020
Merged

Minimist updates to fix vulnerability #3270

merged 22 commits into from
Mar 30, 2020

Conversation

j-pendlebury
Copy link
Contributor

@j-pendlebury j-pendlebury commented Mar 18, 2020
edited
Loading

Part of #3268

Overall change:
Re-generated package-locks for all Psammead packages, as well as ran npm audit fixin each one.

This brings down our number of vulnerabilities to 21 (according to npm audit)

Code changes:

  • Regenerated package-locks and npm audit fix ran in:
    • main Psammead dir
    • psammead-content-anchor
    • psammead-timestamp-container
    • moment-timezone-include
    • psammead-calendars
    • psammead-rich-text-transforms
    • psammead-storybook-helpers
    • psammead-test-helpers
  • I have assigned myself to this PR and the corresponding issues
  • Automated jest tests added (for new features) or updated (for existing features)
  • This PR requires manual testing

@j-pendlebury j-pendlebury added dependencies Pull requests that update a dependency file ws-home Tasks for the WS Home Team ws-media The World Service media stream ws-articles Tasks for the WS Articles Team labels Mar 18, 2020
@j-pendlebury j-pendlebury self-assigned this Mar 18, 2020
@j-pendlebury j-pendlebury marked this pull request as ready for review March 19, 2020 09:09
@j-pendlebury j-pendlebury marked this pull request as ready for review March 19, 2020 09:10
@j-pendlebury j-pendlebury changed the title Security fixes Minimist updates to fix vulnerability Mar 19, 2020
@j-pendlebury
Copy link
Contributor Author

We're down to three low vulnerabilities:

lerna>@lerna/publish>@lerna/version>@lerna/conventional-commits>conventional-changelog-core>conventional-changelog-writer>handlebars>optimist>minimist
lerna>@lerna/version>@lerna/conventional-commits>conventional-changelog-core>conventional-changelog-writer>handlebars>optimist>minimist
stylelint>postcss-sass>gonzales-pe>minimist

thekp
thekp approved these changes Mar 26, 2020
View reviewed changes
Copy link
Contributor

@thekp thekp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@PriyaKR PriyaKR self-assigned this Mar 30, 2020
@PriyaKR
Copy link
Contributor

PriyaKR commented Mar 30, 2020

LGTM.

@sareh sareh merged commit b8ccb2f into latest Mar 30, 2020
@sareh sareh deleted the security-fixes branch March 30, 2020 13:24
This was referenced Apr 7, 2020
Closed
Closed
Merged
@snyk-bot snyk-bot mentioned this pull request Apr 24, 2023
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@thekp thekp thekp approved these changes

@Bopchy Bopchy Bopchy approved these changes

Assignees

@PriyaKR PriyaKR

@j-pendlebury j-pendlebury

Labels
dependencies Pull requests that update a dependency file ws-articles Tasks for the WS Articles Team ws-home Tasks for the WS Home Team ws-media The World Service media stream
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@j-pendlebury @PriyaKR @Bopchy @thekp @sareh