Adds an audit script that ignores dev vulnerabilities #5655

Merged: 2 commits, May 26, 2020

@ryanml (Contributor) commented May 26, 2020

Fixes brave/brave-browser#9938

Submitter Checklist:

Test Plan:

Ensure that test-security passes on Travis

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes have landed on.
  • All relevant documentation has been updated.

@ryanml ryanml added this to the 1.11.x - Nightly milestone May 26, 2020
@ryanml ryanml requested a review from bsclifton May 26, 2020 00:04
@ryanml ryanml self-assigned this May 26, 2020
- script returns 0 on success and 1 on failure
- when `audit_dev_deps` is passed, return value is now passed through
- updated `npm` command so that it works properly on Windows
- updated error condition to return 1 instead of throwing exception
@bsclifton bsclifton added the CI/skip Do not run CI builds (except noplatform) label May 26, 2020
@bsclifton (Member) left a comment

Awesome work here! Made a few changes so that it would use return values. Let me know what you think 😄

I can help with the next step, which would be to also edit https://github.com/brave/brave-browser/blob/master/scripts/audit.js (used for builds; won't affect travis-ci)

@bsclifton (Member)

Thanks for the pep8 fix w/ uplift.py; that was definitely my bad after addressing review feedback in #5639

@bsclifton bsclifton merged commit 4aa0050 into master May 26, 2020
@bsclifton bsclifton deleted the audit-script branch May 26, 2020 07:21
bsclifton added a commit that referenced this pull request May 27, 2020
Adds an audit script that ignores dev vulnerabilities
bsclifton added a commit that referenced this pull request May 27, 2020
Adds an audit script that ignores dev vulnerabilities
Successfully merging this pull request may close these issues.

Do not fail test-security when there are only dev dependencies
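
The behaviour this PR describes (exit 0 on success, 1 on failure, dev-only findings ignored unless `audit_dev_deps` is passed) is shown here as an added example; it is not the code merged in this PR. It assumes the npm 6 `npm audit --json` layout in which each `actions[].resolves[]` entry carries a boolean `dev` flag; the function names, package names and sample report are constructed for illustration.

```python
import json

# Constructed sample shaped like an npm 6 `npm audit --json` report (assumed
# layout: each actions[].resolves[] entry carries a boolean `dev` flag).
SAMPLE_REPORT = json.dumps({
    "actions": [
        {"action": "update", "module": "example-build-tool", "resolves": [
            {"id": 1001, "path": "example-build-tool>example-parser", "dev": True},
        ]},
        {"action": "review", "module": "example-runtime-lib", "resolves": [
            {"id": 1002, "path": "example-runtime-lib", "dev": False},
            {"id": 1003, "path": "example-test-runner>example-runtime-lib", "dev": True},
        ]},
    ],
})


def split_resolutions(report):
    """Return (production, dev_only) findings from a parsed audit report."""
    prod, dev = [], []
    for action in report.get("actions", []):
        for finding in action.get("resolves", []):
            # A finding without a `dev` flag counts as production (fail closed).
            (dev if finding.get("dev") else prod).append(finding)
    return prod, dev


def audit_exit_code(raw_json, audit_dev_deps=False):
    """Map audit output to a CI exit code: 0 = pass, 1 = fail."""
    try:
        report = json.loads(raw_json)
        if not isinstance(report, dict) or "actions" not in report:
            raise ValueError("unexpected report shape")
    except (ValueError, TypeError):
        # Unparseable output fails the check instead of raising or passing.
        return 1
    prod, dev = split_resolutions(report)
    counted = prod + dev if audit_dev_deps else prod
    for finding in counted:
        print("advisory %s via %s" % (finding.get("id"), finding.get("path")))
    return 1 if counted else 0


if __name__ == "__main__":
    raise SystemExit(audit_exit_code(SAMPLE_REPORT))
```

Treating a missing `dev` flag as production keeps the filter from silently hiding findings when the report format changes.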