Closed christensenmichael0 closed 4 years ago
Bobfrat
commented
4 years ago Well that will certainly suppress the warning message but doesn't address the security vulnerabilities. Does upgrading to latest versions of the responsible packages fix the vulnerabilities?
christensenmichael0
commented
4 years ago I can give that a shot.. is there a way to test that the upgrades haven't broken something else without manually clicking around in the browser?
Bobfrat
commented
4 years ago No, you'll have to click around. The sites pretty basic. Mostly hyperlinks.
christensenmichael0
commented
4 years ago @Bobfrat @kellydesent can you guys give this a spin. Seems to be working normally when running with Node and Docker.
Bobfrat
commented
4 years ago Looks good to me.
@Bobfrat I believe that its pretty standard to include a lock file but lets see if the warnings go away with this commit..
https://stackoverflow.com/questions/44552348/should-i-commit-yarn-lock-and-package-lock-json-files/44904494
In this case it seems that dependencies of other modules were responsible for the security warnings so it's out of our control.