Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: upgrade dompurify from 2.2.2 to 2.2.6 #1483

Merged
merged 1 commit into from
Feb 4, 2021
Merged

fix: upgrade dompurify from 2.2.2 to 2.2.6 #1483

merged 1 commit into from
Feb 4, 2021

Conversation

sy-records
Copy link
Member

Replace #1470

@vercel
Copy link

vercel bot commented Jan 29, 2021
edited
Loading

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/docsify-core/docsify-preview/l6tfu5hbe
✅ Preview: https://docsify-preview-git-fork-sy-records-dompurify.docsify-core.now.sh

@sy-records sy-records requested a review from a team January 29, 2021 01:08
@codesandbox-ci
Copy link

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit ed7fa16:

Sandbox Source
docsify-template Configuration

Koooooo-7
Koooooo-7 reviewed Jan 29, 2021
View reviewed changes
Copy link
Member

@Koooooo-7 Koooooo-7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seems there has the security/snyk issue on CI.
@anikethsaha could u plz check and fix it intead of manual upgrade?

@anikethsaha
Copy link
Member

Not sure whether I get this correctly but you are asking for a PR from snyk ? @Koooooo-7

@Koooooo-7
Copy link
Member

Not sure whether I get this correctly but you are asking for a PR from snyk ? @Koooooo-7

yup, the PR of snyk always deletes the dependencies about vue in package-lock.json. f.e see #1470 .

@Koooooo-7
Copy link
Member

I guess we need move the vue from devDependencies to dependencies .

@sy-records
Copy link
Member Author

sy-records commented Jan 29, 2021
edited
Loading

The reason I closed #1470 was because it was out of date, 4 versions behind

@sy-records
Copy link
Member Author

Maybe snyk doesn't recognize this style

https://github.com/docsifyjs/docsify/blob/develop/package.json#L106-L107

@sy-records sy-records merged commit eee9507 into docsifyjs:develop Feb 4, 2021
@sy-records sy-records deleted the dompurify branch February 4, 2021 00:30
@jhildenbiddle
Copy link
Member

Maybe snyk doesn't recognize this style

https://github.com/docsifyjs/docsify/blob/develop/package.json#L106-L107

@sy-records -- Let's ping Snyk and let them know that their system appears unable to determine when two versions of the same library are listed as dependencies. Otherwise we're just going to run into this issue over and over again. Sounds like @anikethsaha maintains our account?

@anikethsaha
Copy link
Member

Maybe snyk doesn't recognize this style
https://github.com/docsifyjs/docsify/blob/develop/package.json#L106-L107

@sy-records -- Let's ping Snyk and let them know that their system appears unable to determine when two versions of the same library are listed as dependencies. Otherwise we're just going to run into this issue over and over again. Sounds like @anikethsaha maintains our account?

I think @sy-records does have the access, right ?
if not please tell me how to give access, I tried but it wasnt successfull.

@sy-records
Copy link
Member Author

I private messaged you in discord @anikethsaha

@sy-records sy-records mentioned this pull request Feb 5, 2021
Merged
3 tasks
@anikethsaha anikethsaha mentioned this pull request Feb 19, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Koooooo-7 Koooooo-7 Koooooo-7 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sy-records @anikethsaha @Koooooo-7 @jhildenbiddle