Security fixes #78

sam-caldwell
Problem Statement:

This project has multiple security vulnerabilities ranging from CRITICAL to LOW which must be patched to prevent exploitation.

Fixes:

  • This PR fixes ALL of the security vulnerabilities.
  • This PR is submitted with all tests passing.
  • A small known-issues comment is added to README.md to document an issue identified when running under node.js > v17.

@healqq healqq left a comment

Hey! Great PR, I'd love this to be merged. I added a few comments.

"glob-parent": "^6.0.0",
"loader-utils": "1.4.2",
"schema-utils": "^2.0.1",
"memory-fs": "^0.5.0"
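
Review bot: `"loader-utils": "1.4.2"` is pinned to an exact version while the entries around it (`^6.0.0`, `^2.0.1`, `^0.5.0`) use caret ranges, so consumers of this package will not pick up later 1.x patch releases of loader-utils until a new release of this package changes the pin. If the exact pin is deliberate, say why in the PR description; otherwise use `^1.4.2` so that 1.4.2 is the floor and later patches still resolve.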

This should go to dev dependencies, as it's only used in tests

@@ -23,21 +23,23 @@
],
"dependencies": {
"camelcase": "^5.3.1",
"loader-utils": "1.2.3",
"schema-utils": "^2.0.1"
"glob-parent": "^6.0.0",
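
Review bot: `"glob-parent": "^6.0.0"` is added under `dependencies`, but a direct dependency entry does not change the version that other packages resolve for their own nested copy. If the aim is to lift a transitive glob-parent, that belongs in an `overrides` (npm) or `resolutions` (Yarn) block; if nothing in this package requires it, drop the entry so consumers do not install it.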

Why was this one added, it doesn't seem to be used?

"eslint-config-prettier": "^6.0.0",
"jest": "^24.9.0",
"jest": "^28.1.3",
"package-json": "^8.1.0",
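
Review bot: the `jest` line moves from `^24.9.0` to `^28.1.3`, four major versions in one step, inside a PR described as security fixes. Put the test-runner upgrade in its own commit and state which Node.js versions the suite was run on, since the description already notes a known issue under node.js > v17.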

This is a new dependency; it doesn't seem to be used anywhere directly.

"auto-changelog": "^2.2.1",
"css-loader": "*",
"css-loader3": "npm:css-loader@^3.1.0",
"eslint": "4.18.2",
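
Review bot: if the `"css-loader": "*"` entry in this hunk stays, it accepts any published version, so what gets installed depends on the install date unless a lockfile is committed, and the range cannot be checked against an advisory's fixed version. Give it a bounded range, as the `css-loader3` alias on the next line does with `^3.1.0`.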

Why was this removed?

@Obi-Dann
Contributor

Closing as the security fixes were solved in another PR #83

@Obi-Dann Obi-Dann closed this Jan 22, 2023