[Security] High Security Alert: Grunt Dependency

Hitchwiki / hitchwiki

The Hitchhiker's Guide to Hitchhiking the World

https://hitchwiki.org

32 stars 9 forks source link

[Security] High Security Alert: Grunt Dependency #194

Closed platschi closed 3 years ago

platschi commented 3 years ago

Since a week I'm receiving high security alert emails asking us to update grunt to ~>1.3.0

I'll add a pull request to fix this but I have no idea if the update will break anything, so please somebody with the proper knowledge double check and if all is good, merge.

// EDIT

Nevermind, it's for an archived repository /mediawiki-extensions-VectorBeta/, so whatever. Would still be great to stop those daily email digests somehow.

simison commented 3 years ago

It's fine, Grunt is a local dev tool anyway and not a public-facing code. It's also in an un-needed, archived repo like syou said, which is even a fork originally... so yeah no concerns just to ignore those. :-)

https://github.com/Hitchwiki/mediawiki-extensions-VectorBeta

Thanks for caring tho! :-)

simison commented 3 years ago

Would still be great to stop those daily email digests somehow.

Hm, Github's bot is disabled for archived repos — is it Github sending you those alerts or something else? Might be worth writing to github about it.