Closed nmately closed 1 year ago
Name | Link |
---|---|
Latest commit | 87bdaa14ccebd1481912787b20be042c235f618e |
Latest deploy log | https://app.netlify.com/sites/sacramento-campaign-cash/deploys/651f9b1c16813900087233c5 |
Deploy Preview | https://deploy-preview-29--sacramento-campaign-cash.netlify.app |
Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
Thanks @nmately!!
resolves a bunch of security warnings on compile
note that this vulnerability still exists in xlsx (brought in via convert-excel-to-json) though as noted in github advisory https://github.com/advisories/GHSA-4r6h-8v6p-xvw6 this vulnerability is primarily expolited through crafted xls files, whereas our data is not user-provided so maybe OK for now
this also is likely to run into issues when @SKYang014 tries to merge/rebase off it. they're easily resolvable, but I also did a version where I rebased onto her work and it actually worked out much more simply. just FYI for if/when this causes a bunch of conflicts since we were both working on the same file. (that's nmately/sacramento-campaign-finance:security-audit-1-prototype-pollution-rebase-skyang
part of the issue there is that the package-lock.json file is both manually updated, and then processed by
npm install
andnpm audit fix
, which resolves dependencies within package-lock.json. so a manual version bump on a couple requirements results in a second pass that may cause changes to a number of packages/lines in the file