search

abcnews / aunty

A toolkit for working with ABC News projects
https://www.npmjs.com/package/@abcnews/aunty
MIT License
32 stars 5 forks source link

Fix vulnerabilities #52

Closed drzax closed 6 years ago

drzax commented 6 years ago

This now has a decent collection of vulnerabilities. We should fix 'em.

drzax commented 6 years ago

Just for fun I've run npm audit fix just to see what the result is.

[09:20:23] ⚡  npm audit fix

> node-sass@4.9.0 install /Users/elverys7d/Projects/aunty/node_modules/node-sass
> node scripts/install.js

Cached binary found at /Users/elverys7d/.npm/node-sass/4.9.0/darwin-x64-64_binding.node

> node-sass@4.9.0 postinstall /Users/elverys7d/Projects/aunty/node_modules/node-sass
> node scripts/build.js

Binary found at /Users/elverys7d/Projects/aunty/node_modules/node-sass/vendor/darwin-x64-64/binding.node
Testing binary
Binary is fine
+ node-sass@4.9.0
+ babel-core@6.26.3
+ eslint@4.19.1
added 43 packages from 160 contributors, removed 23 packages, updated 51 packages and moved 4 packages in 11.884s
fixed 192 of 235 vulnerabilities in 5887 scanned packages
  1 vulnerability required manual review and could not be updated
  3 package updates for 42 vulns involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or do it by hand)
colingourlay commented 6 years ago

Good call. I'll get them in there before the next release.

colingourlay commented 6 years ago

A bunch of dependency updates went out in https://github.com/abcnews/aunty/tree/7.9.0

colingourlay commented 6 years ago

We finally managed to get a version of node-sass in that doesn't have vulnerable dependencies!