Updates dependencies to fix security vulnerabilities - Githubissues

cfpb / capital-framework

The Consumer Financial Protection Bureau's user interface framework

https://cfpb.github.io/capital-framework/

Creative Commons Zero v1.0 Universal

54 stars 29 forks source link

Updates dependencies to fix security vulnerabilities #871

Closed anselmbradford closed 5 years ago

anselmbradford commented 5 years ago

Repo reports vulnerabilities for merge and cryptiles. Updates gulp-less and jest to update/remove these dependencies.

Additions

Adds missing del dependency.

Changes

Updates babel-jest, babel-loader, gulp-less, jest, jest-cli, jest-when, jsdom, require-dir, and through2.
.babelrc updated to babel.config.js.
Updates test to import dom-closest.
Updates test simulate event syntax to es6 modules.

Testing

npm install
npm run build
gulp test should pass.

Screenshots

screen shot 2018-11-29 at 6 59 19 pm

Notes

Somehow del ended up in package-lock.json but was not in package.json, ???

anselmbradford commented 5 years ago

Updating stylelint from 9.3.0 to 9.9.0 breaks gulp lint, which happens automatically when package-lock is regenerated. I've downgraded it for now to fix the security vulnerabilities this PR intends to address.