Shopify / shopify-marketplaces-admin-app

MIT License
38 stars 45 forks source link

Updated node-gyp dependency to resolve tar security vulnerability #2

Closed ricas07 closed 2 years ago

ricas07 commented 2 years ago

This ensures the tar dependency resolves to a patches version of a high security issue.

sqlite3 depends on node-gyp@3 which depends on tar@2. The tar security issue is patches in tar@4.

To 🎩 :

  1. Pull this branch and run yarn.
  2. Launch the application by running node app serve
  3. Verify the application functions properly by installing it on a new store as this will write to the sqlite db