Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Before
Run
npm audit
and it will tell youChange
What I then did was
Result
With the following result after running
npm audit
againVulnerabilities left
First of all, all three vulnerabilities left are in dev dependencies.
Two vulnerabilities left are a moderate and a high one with
js-yaml
, indirect dependency ofbabel-plugin-inline-react-svg
. These are discussed here where they say that these are actually false positives since no yaml input is being used. Unfortunately not easy to fix they say. We could only see for ourselves if we could upgrade to a different library which solves the same problem.Then there is only one low vulnerability left with
minimist
, indirect dependency ofwebpack-pwa-manifest
. This should be fixed by this PR, but that hasn't been merged yet.Testing
To make sure everything still works after all these changes I ran all the tests (
npm test
) and ran the client (npm start
) making sure the page seems to load correctly in the browser.Please make sure as well if everything is still working. Maybe I'm missing some features that I haven't tested and might be broken.