Address object-path vulnerability. #47
@gregmarr I think we can leave the npmrc file because part of the CI will copy the npmrc when running on internal CI. Please refer to #41. The intention was that both 3rd-party devs and we can all build it. But you are absolutely right on the package-lock.json, so maybe we just remove that file as well. What do you think?
I'm not sure, the
Then I guess the approach we made about copying npmrc was not enough. I am fine keeping the npmrc file then.
I think having the
Agreed. Can you do us a favor to include that in this repo's ReadMe?
Thanks @gregmarr ! Merging.
* Hide Submit PR button (#31)
* Python3 migration (#27)
* Images changed to reflect Python 3 interface
* Sample files Updated to Python 3 Python Script.dyn and Python Script from String.dy updated to Python 3
* Addition of files to have CI/CD pipeline for prod environment (#35)
* Security fix first commit (#36)
* Update notification mail master (#40)
* Addition of files to have CI/CD pipeline for prod environment
* Update notification mail
* Update Dynamo_Nodes_Documentation.json (#43)
* Update pipeline.yml (#44)
* Change job to use node labels (#45)
* Update pipeline.yml
* Update Jenkinsfile
* Add generic documentation to add node's description for all hosts. (#48)
* Make readme/names generic for hosts
* Update README.md
* Address object-path vulnerability. (#47)
* Address object-path vulnerability.
* Delete .npmrc
* Update README.md
* lodash vuln (#50)
* add a dep on lodash to force the newer version for react-scripts and redux.
* use lodash instead of underscore remove underscore from package json and lock
* add dep on ua-parser-js 0.7.23
* update axios
* remove direct dep on ua-parser-js

Co-authored-by: kirschm <[email protected]>

* React-scripts update and other fixes (#51)
* DYN-3658 Update react-scripts and more
* Chore/upgrade to react16 (#55)
* chore: upgrade to React@16
* chore: update package.json to React 16.14.0
* chore: move react-scripts to fix npm audit facebook/create-react-app#11081 facebook/create-react-app#11174
* chore: remove deprecated react-tap-event-plugin
* upgrade material-ui
* add tooltip
* update more mat-ui components
* error check for add files
* Font Warning (#56)
* Use external repo name for harmony. (#57)
* update axios version (#60)

Co-authored-by: pinzart <[email protected]>

* Update axios (#61)
* update axios version
* Update package-lock.json

Co-authored-by: pinzart <[email protected]>

* Security vulnerabilities Fix Part I (#62)
* Initial commits
* Remove Console log
* Security Updates (#63)
* Security vulnerabilities Fix Part III (#64)
* Security Updates
* more updates

Co-authored-by: Ashish Aggarwal <[email protected]>
Co-authored-by: Martin Stacey <[email protected]>
Co-authored-by: alfredo-pozo <[email protected]>
Co-authored-by: aparajit-pratap <[email protected]>
Co-authored-by: pinzart90 <[email protected]>
Co-authored-by: geidlin <[email protected]>
Co-authored-by: gregmarr <[email protected]>
Co-authored-by: Michael Kirschner <[email protected]>
Co-authored-by: kirschm <[email protected]>
Co-authored-by: wmui51 <[email protected]>
Co-authored-by: pinzart <[email protected]>
@QilongTang I added the .npmrc when I thought this repo was internal, thought it was just missed since the links in package-lock.json are to art-bobcat. I'm not sure it makes sense to have it when it's external, as it would cause problems for users, but the existing package-lock.json would cause problems too. Is it intentional that there is no .npmrc?