Closed dkempner closed 2 years ago
Merging #477 (ea78f69) into master (d2dbe22) will increase coverage by
84.16%
. The diff coverage isn/a
.
@@ Coverage Diff @@
## master #477 +/- ##
===========================================
+ Coverage 0 84.16% +84.16%
===========================================
Files 0 62 +62
Lines 0 1572 +1572
Branches 0 362 +362
===========================================
+ Hits 0 1323 +1323
- Misses 0 198 +198
- Partials 0 51 +51
this is great, but I wonder if there's actually any security issues here?
I Think if you read the CVE on these, they don't apply to most of our cases of running in CI (Which is where most of these packages are used)
I Think if you read the CVE on these, they don't apply to most of our cases of running in CI (Which is where most of these packages are used)
i completely agree. and Security even called it out here:
Some of the vulnerabilities make sense only in a backend context (e.g. nodejs) and shouldn't impact Snacks, but given this is a public repo - I think it's worth the effort to address them.
i'm fine to put this in the bin.
Checklist
Snapshots look harmless. Looks like a different way of handling ForwardRef + css animations in a snapshot.
I chose module resolutions instead of upgrading for the following reasons:
lodash
: used too many places to upgrade everywhereimmer
: upgrading its one dependency, react-styleguideist broke the docs sitemerge-deep
: used in thesvgr
lib which couldn't handle an update either.