Feature/1 update npm dependencies #765


boris-arkenaar
Contributor

Before

Run npm audit and it will tell you

found 38419 vulnerabilities (38360 low, 30 moderate, 28 high, 1 critical)

Change

What I then did was

npm audit fix
npm audit fix
npm audit fix
npm remove leaflet-headless
npm i --save-dev leaflet-headless
npm remove build

Result

With the following result after running npm audit again

found 3 vulnerabilities (1 low, 1 moderate, 1 high)

Vulnerabilities left

First of all, all three vulnerabilities left are in dev dependencies.

Two of the vulnerabilities left are a moderate and a high one in js-yaml, an indirect dependency of babel-plugin-inline-react-svg. These are discussed here, where they say that these are actually false positives since no YAML input is being used. Unfortunately, they say it is not easy to fix. We could only see for ourselves whether we could upgrade to a different library which solves the same problem.

Then there is only one low vulnerability left, in minimist, an indirect dependency of webpack-pwa-manifest. This should be fixed by this PR, but that hasn't been merged yet.

Testing

To make sure everything still works after all these changes, I ran all the tests (npm test) and ran the client (npm start), making sure the page seems to load correctly in the browser.

Please also check that everything is still working. Maybe I'm missing some features that I haven't tested and that might be broken.
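
The triage described in the PR description above (confirming that the findings left after `npm audit fix` are all in dev dependencies), as an added example that is not part of the PR or the project's code. It assumes the npm 6 `npm audit --json` report shape (`advisories` entries with `findings[].dev` and `findings[].paths`); the sample report, its advisory ids and its dependency paths are constructed.

```javascript
// Added example: triage an npm 6 style `npm audit --json` report.
// SAMPLE_REPORT is constructed; ids, versions and ">placeholder>" path segments are not real.
const SAMPLE_REPORT = {
  advisories: {
    "1001": { module_name: "js-yaml", severity: "moderate", findings: [
      { version: "0.0.0", dev: true, paths: ["babel-plugin-inline-react-svg>placeholder>js-yaml"] }] },
    "1002": { module_name: "js-yaml", severity: "high", findings: [
      { version: "0.0.0", dev: true, paths: ["babel-plugin-inline-react-svg>placeholder>js-yaml"] }] },
    "1003": { module_name: "minimist", severity: "low", findings: [
      { version: "0.0.0", dev: true, paths: ["webpack-pwa-manifest>placeholder>minimist"] }] },
  },
};

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
// Unknown severity strings are ranked as critical so the gate fails closed.
const rank = (s) => (s in SEVERITY_RANK ? SEVERITY_RANK[s] : 4);

// Flatten advisories into rows: module, severity, dev-only flag, top-level packages.
function triage(report) {
  const rows = [];
  for (const [id, adv] of Object.entries(report.advisories || {})) {
    const findings = adv.findings || [];
    // Dev-only means every install path of the vulnerable module is a dev path.
    const devOnly = findings.length > 0 && findings.every((f) => f.dev === true);
    const roots = new Set();
    for (const f of findings) {
      for (const p of f.paths || []) roots.add(p.split(">")[0]);
    }
    rows.push({ id, module: adv.module_name, severity: adv.severity,
                devOnly, roots: [...roots].sort() });
  }
  return rows.sort((a, b) => rank(b.severity) - rank(a.severity));
}

// Fail on findings at or above `failAt` that reach production installs.
// Dev-only findings are returned for review, not dropped: they still run
// on developer machines and build agents.
function gate(rows, failAt = "moderate") {
  const blocking = rows.filter((r) => !r.devOnly && rank(r.severity) >= rank(failAt));
  return { pass: blocking.length === 0, blocking, review: rows.filter((r) => r.devOnly) };
}

const result = gate(triage(SAMPLE_REPORT));
console.log(result.pass ? "gate: pass" : "gate: FAIL",
  result.review.map((r) => `${r.severity} ${r.module} via ${r.roots.join(",")}`));
```

To use it on a real project, feed it the parsed output of `npm audit --json` from an npm 6 client instead of the constructed sample.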

janjaap commented Apr 14, 2020

@boris-arkenaar Thanks for the PR. That cleans the warning up nicely. Can you resolve the conflicts?

@boris-arkenaar
Contributor Author

Fixes Signalen#1

janjaap mentioned this pull request Apr 20, 2020

janjaap commented Apr 20, 2020

Replaced by #787

janjaap closed this Apr 20, 2020
boris-arkenaar deleted the feature/1-update-npm-dependencies branch April 21, 2020 08:17