biojs / organisation

A hub for organising the community and ourselves

Upgrade node.js dependency version to fix potential security vulnerability in biojs/sniper #16

Open rowlandm opened 6 years ago

rowlandm commented 6 years ago

---------- Forwarded message ----------
From: GitHub notifications@github.com
Date: Fri, Dec 29, 2017 at 9:53 AM
Subject: [biojs/sniper] One of your dependencies may have a security vulnerability
To: biojs/sniper sniper@noreply.github.com
Cc: Security alert security_alert@noreply.github.com

rowlandm, We found a potential security vulnerability in one of the dependencies used by a repository that you contribute to.

@biojs
biojs/sniper

Known high severity security vulnerability detected in ecstatic < 2.0.0 defined in package.json.

package.json update suggested: ecstatic ~> 2.0.0.

Always verify the validity and compatibility of suggestions with your codebase.

Review vulnerable dependency

yochannah commented 6 years ago

To pick this task up

  1. Leave a comment on the issue saying you're interested in picking it up!
  2. Fork the sniper package and upgrade the dependency version for the package ecstatic to be at least version 2.0.0. If any errors come up, try to fix them.
  3. Run through the commands in the sniper readme and make sure they all still work as described.
  4. Make a PR to get your changes merged into the sniper package, and bask in your glory. You are awesome.

If you need help

Comment on the issue if you need help and aren't sure what to do. Feel free to mention @yochannah, or pop by our Gitter chat.
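
Step 2 above asks for the `ecstatic` range in package.json to be at least 2.0.0. The following is an added example, not part of this thread or the sniper code base: a Node.js check that reports any declared `ecstatic` range that can still resolve below 2.0.0. The function names are hypothetical, and the range handling is a simplified assumption covering common npm forms, not the full node-semver grammar.

```javascript
// Added example: does a package.json range for "ecstatic" still admit a
// release below 2.0.0? Simplified range handling, not full node-semver.
const FIXED = [2, 0, 0]; // first fixed release named in the alert

function parseVersion(text) {
  // "1.4" -> [1, 4, 0]; wildcards (x, X, *) count as 0 for a lower bound.
  const m = /^v?(\d+|[xX*])(?:\.(\d+|[xX*]))?(?:\.(\d+|[xX*]))?/.exec(text);
  if (!m) return null;
  return [1, 2, 3].map((i) => (/^\d+$/.test(m[i] || '') ? Number(m[i]) : 0));
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Lowest version one comparator set (no "||") admits; [0,0,0] if unbounded.
function floorOf(set) {
  let floor = [0, 0, 0];
  const norm = set.replace(/([\^~<>=]+)\s+/g, '$1'); // ">= 2.0.0" -> ">=2.0.0"
  const hyphen = norm.split(/\s+-\s+/);              // "1.4.1 - 2.1.0"
  const tokens = hyphen.length === 2 ? ['>=' + hyphen[0]] : norm.split(/\s+/);
  for (const tok of tokens) {
    const m = /^(\^|~|>=|>|=|<=|<)?(.+)$/.exec(tok);
    if (!m || m[1] === '<' || m[1] === '<=') continue; // upper bounds only
    const v = parseVersion(m[2]);
    if (!v) return [0, 0, 0]; // tags or URLs: treat as unbounded, so flagged
    if (compare(v, floor) > 0) floor = v;
  }
  return floor;
}

// A range is unsafe if any "||" alternative has a floor below the fix.
function allowsVulnerable(range) {
  return String(range).split('||').some((set) =>
    compare(floorOf(set.trim()), FIXED) < 0);
}

function checkManifest(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies']) {
    const range = (pkg[field] || {}).ecstatic;
    if (range !== undefined && allowsVulnerable(range)) findings.push(`${field}: ecstatic ${range}`);
  }
  return findings;
}

// Constructed sample manifest (not the real biojs/sniper package.json).
console.log(checkManifest({ dependencies: { ecstatic: '^1.4.0' } }));
```

The check covers only the declared range; the version actually installed is whatever the lockfile or `node_modules` resolves to, so reinstall after editing package.json.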

WVik commented 6 years ago

@wilzbach Hello! I was working on this issue but I'm stuck. I partly understand how the CLI works. To get an idea of how sniper works, I locally tried playing around with this repo: https://github.com/wilzbach/msa

Will I have to create my own snippet and render it after changing package.json to test whether everything is working fine or not?