Skip to content
This repository has been archived by the owner on May 13, 2024. It is now read-only.

npm audit shows 32 vulnerabilites #566

Closed
diracdeltas opened this issue Sep 16, 2020 · 2 comments · Fixed by #568 · May be fixed by #567
Closed

npm audit shows 32 vulnerabilites #566

diracdeltas opened this issue Sep 16, 2020 · 2 comments · Fixed by #568 · May be fixed by #567
Assignees
@zenparsing
Labels
security

Comments

@diracdeltas
Copy link
Member

found 32 vulnerabilities (11 low, 21 high) in 2303 scanned packages < most of these can be fixed automatically with npm audit fix
@diracdeltas diracdeltas mentioned this issue Sep 16, 2020
Open
9 tasks
@zenparsing zenparsing self-assigned this Oct 6, 2020
@zenparsing
Copy link
Collaborator

@diracdeltas The linked PR ignores https://npmjs.com/advisories/1556. Is that still OK? It looks like fixing 1556 will require a bump of styled-components of 2 major versions. It will take a bit more work to make sure that this will not break brave-ui users (or fix any breakages).

@diracdeltas
Copy link
Member Author

diracdeltas commented Oct 6, 2020
edited
Loading

@zenparsing that's fine. i excluded 1556 from brave-core for the same reasons (required some major bumps and also seemed like it needed an update for some package which the developer hadn't published an update for).

zenparsing added a commit that referenced this issue Oct 8, 2020
@zenparsing
Update dependencies to address NPM audit advisories
6bb98b5 
Updates package script "test-security" to use better-npm-audit and
ignore https://www.npmjs.com/advisories/1556, which will require
a potentially breaking upgrade of styled-components from major
version 3 to 5.

Resolves #566
@zenparsing zenparsing mentioned this issue Oct 8, 2020
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@zenparsing zenparsing

Labels
security
Projects
None yet
Milestone
No milestone
2 participants
@diracdeltas @zenparsing