Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency vulnerabilities. #133

Open
janzenz opened this issue Oct 9, 2018 · 0 comments
Open

Dependency vulnerabilities. #133

janzenz opened this issue Oct 9, 2018 · 0 comments
Assignees
@janzenz

Comments

@janzenz
Copy link
Contributor

janzenz commented Oct 9, 2018
edited
Loading

I got a notification from Github reporting vulnerabilities in the packages: https://github.com/springload/madewithwagtail/network/dependencies

These vulnerabilities seems to occur on transitive dependencies, which can be fixed by specifying the version of these sub-dependencies. There seem to be 2 options to achieve this:

  • Using https://github.com/rogeriochaves/npm-force-resolutions to force the resolution of these sub-dependencies to a specific version.
  • Another option is use yarn instead of npm which natively supports this. The first option is actually inspired by this feature in yarn.
@janzenz janzenz self-assigned this Sep 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@janzenz janzenz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@janzenz