ani-hovhannisyan / kanji-visualization

Kanji words visualization graph draws a relational graph for the kanji of particular words in Japanese. The aim is to understand the relational graph of one kanji within different words and its relations to all possible words.
MIT License

Github dependabot finds vulnerabilities in the dependencies #51

Closed ani-hovhannisyan closed 2 years ago

ani-hovhannisyan commented 2 years ago

@wowry Dependabot finds vulnerabilities in this repo (see pics), which are visible only to the repository creator (me). Do you have any ideas? Shall we avoid it or replace the dependencies?

[image: vulnerabilities_kanjivis]

[image: githubdependabot-error]

wowry commented 2 years ago

@ani-hovhannisyan Thank you for your report. Let me think about how to respond to this for a while.

wowry commented 2 years ago

The Dependabot warning messages can be reduced by running `yarn upgrade` periodically. This can also be automated using GitHub Actions. However, it is difficult to get rid of all the warning messages, so we may need to ignore them to some extent.
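
A scheduled workflow of the kind suggested in the comment above, as an added example that is not part of the original thread or the repository's own configuration. The file name, the `frontend` working directory, the Node version and the weekly schedule are assumptions; `develop` is the branch named later in this thread, and opening the pull request with `GITHUB_TOKEN` assumes the repository setting that lets Actions create pull requests is enabled.

```yaml
# .github/workflows/yarn-upgrade.yml (assumed file name)
name: Scheduled yarn upgrade

on:
  schedule:
    - cron: "0 3 * * 1"        # assumed schedule: Mondays, 03:00 UTC
  workflow_dispatch: {}         # also allow a manual run

# Least privilege: only what is needed to push a branch and open a PR.
permissions:
  contents: write
  pull-requests: write

jobs:
  upgrade:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: frontend   # assumed location of package.json / yarn.lock
    steps:
      # Version tags are used for readability; pinning to a full commit SHA is stricter.
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20            # assumed Node version
      - name: Upgrade within the ranges allowed by package.json
        run: yarn upgrade
      - name: Log advisories that the upgrade did not clear
        # yarn audit exits non-zero when advisories remain; keep the job going
        # so the remaining ones can be triaged from the log.
        run: yarn audit --groups dependencies || true
      - name: Open a pull request with the refreshed lockfile
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          if git diff --quiet; then echo "nothing to upgrade"; exit 0; fi
          branch="chore/yarn-upgrade-${GITHUB_RUN_ID}"
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git checkout -b "$branch"
          git commit -am "chore: yarn upgrade"
          git push origin "$branch"
          gh pr create --base develop --title "chore: yarn upgrade" \
            --body "Automated lockfile refresh; see the audit step log for remaining advisories."
```

Routing the upgrade through a pull request keeps the lockfile change reviewable, and the audit log shows which alerts remain because they need a major-version bump or have no fixed release yet.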

ani-hovhannisyan commented 2 years ago

I looked at the Dependabot alerts and updated the front end version in the graph-view branch, as it's related to frontend dependencies. Have to merge to main to see whether Dependabot sees the updates.

ani-hovhannisyan commented 2 years ago

Still one postcss warning was showing, so updated that too.

ani-hovhannisyan commented 2 years ago

Fix is in develop branch.

ani-hovhannisyan commented 2 years ago

Closing, as it is partly fixed and the next fix will be merged with the develop branch.