joshwcomeau / guppy

🐠A friendly application manager and task runner for React.js
ISC License
3.27k stars 154 forks

Bump ps-tree to 1.2.0 due to security issue #338

Closed melanieseltzer closed 5 years ago

melanieseltzer commented 5 years ago

There is a security vulnerability affecting event-stream (see here).

It's recommended to upgrade to ps-tree@1.1.1+ which locks event-stream to 3.3.4 (before the vulnerability) - see here. Although they just released ps-tree@1.2.0 which is what I pinned here. But should we still use ps-tree@1.1.1 regardless?

j-f1 commented 5 years ago

It seems like the compromised versions got unpublished, so this shouldn’t be a big problem for us.

melanieseltzer commented 5 years ago

Ah phew. Yeah looks like flatmap-stream gets removed after doing a yarn install. Probably not critical now but it probably wouldn't hurt to update ps-tree regardless.
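Added example, not guppy's code nor anything posted in this thread: a small Node script that checks a yarn v1 lockfile against the rules stated above (event-stream pinned to 3.3.4, flatmap-stream absent after install, ps-tree at 1.1.1 or newer). The lockfile text is constructed for the example and assumes the plain yarn v1 block format.

```javascript
// Audit a yarn v1 lockfile for the event-stream / flatmap-stream incident:
// event-stream must resolve to 3.3.4, flatmap-stream must be absent, ps-tree >= 1.1.1.
const SAFE_EVENT_STREAM = "3.3.4";
const MIN_PS_TREE = "1.1.1";

// Parse yarn.lock v1 text into [{ name, version }, ...]. Entries are
// blank-line-separated blocks whose first line lists the requested
// selectors, e.g. `"event-stream@3.3.4", event-stream@~3.3.0:`.
function parseYarnLock(text) {
  const entries = [];
  for (const block of text.split(/\n\s*\n/)) {
    const lines = block.split("\n").filter((l) => l.trim() && !l.startsWith("#"));
    if (!lines.length || !lines[0].endsWith(":")) continue;
    const first = lines[0].slice(0, -1).split(",")[0].trim().replace(/^"|"$/g, "");
    const name = first.slice(0, first.lastIndexOf("@")); // keeps @scope/pkg intact
    const v = lines.find((l) => l.trim().startsWith("version "));
    entries.push({ name, version: v ? v.trim().split(" ")[1].replace(/"/g, "") : null });
  }
  return entries;
}

// True when plain x.y.z version `v` is below `min` (no prerelease handling).
function olderThan(v, min) {
  const p = v.split(".").map(Number), m = min.split(".").map(Number);
  for (let i = 0; i < 3; i++) if ((p[i] || 0) !== (m[i] || 0)) return (p[i] || 0) < (m[i] || 0);
  return false;
}

// Returns human-readable findings; an empty list means the lockfile is clean.
function auditLock(text) {
  const out = [];
  for (const { name, version } of parseYarnLock(text)) {
    if (name === "flatmap-stream") out.push(`flatmap-stream@${version} present; must not be installed`);
    if (name === "event-stream" && version !== SAFE_EVENT_STREAM) out.push(`event-stream@${version}; expected ${SAFE_EVENT_STREAM}`);
    if (name === "ps-tree" && olderThan(version, MIN_PS_TREE)) out.push(`ps-tree@${version} is older than ${MIN_PS_TREE}`);
  }
  return out;
}

// Constructed sample lockfile (resolved/integrity lines omitted); all three rules fail here.
const BAD_LOCK = `# yarn lockfile v1
ps-tree@^1.1.0:
  version "1.1.0"

event-stream@~3.3.0:
  version "3.3.6"

flatmap-stream@~0.1.0:
  version "0.1.1"
`;
```

Run it against a real `yarn.lock` by reading the file into `auditLock`; the sample above yields three findings.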

melanieseltzer commented 5 years ago

@AWolf81 Created! #344

melanieseltzer commented 5 years ago

@AWolf81 CircleCI is failing again 🤔 Also confused about the -8.4% diff, wasn't master just merged into this branch? So shouldn't coverage be the same since the only change here is package related?

AWolf81 commented 5 years ago

@melanieseltzer it's failing because there is a small bug in master. Duplicate translateX statement in Sidebar component - see a commit in feature-terminal-links branch for how to fix it. translateX is already handled in attrs a few lines above - seems like this is from a merge and we haven't noticed that it was added.

Codecov not updated because of the failing test. Coverage should be OK after fixing that.