intuit / judo

Judo is an easy-to-use Command Line Interface (CLI) Integration Testing Framework, driven from a simple yaml file that also contains assertions.

44 - Security updates #45

Closed. umer2001 closed this 3 years ago.

umer2001 commented 4 years ago

fix : #44 security updates

worldjoe commented 4 years ago

I expect corresponding changes to the package.json file. The lock file is generated from there, not the other way around.

ejfrancis commented 4 years ago

I believe the package-lock can be updated w/o the package.json being updated. For example if package.json has "somelibrary": "^4.1.0" which allows a range anywhere from 4.1.0 to <5.0.0, the package-lock.json could have previously locked that to 4.3.1. If a security patch is later released as 4.3.8 we'd want to lock ours to 4.3.8, but the package.json's ^4.1.0 is still valid for either version.

I'd guess this was done by running `npm audit fix`.

worldjoe commented 4 years ago

I heard someone volunteer to review. Thanks @ejfrancis lol.

umer2001 commented 4 years ago

@worldjoe @ejfrancis I did it by cloning the repo, deleting the package-lock.json file and running `npm install`. It created a new package-lock.json with the latest compatible versions for me.