konklone closed 5 years ago
To fix the Travis build, I also:
npm audit, and whose API doesn't exist anymore.

I'd love to discuss how we might use npm audit in future Travis builds, and where it's appropriate to warn rather than block a merge (especially for changes which need a major version update), but am happy to merge this first.
Looks good to me. nsp check in the CI may have been a bad idea, glad to be rid of it. Additionally, GitHub now has a native feature to scan package dependencies and notify about new vulnerabilities.
This adds support for noindex indicators, as documented by Google here. If politely requested, we can add a specific report to a list that will emit the relevant HTTP header and meta tag for the report details page (which displays the report's full text).

Any such reports will still be publicly visible, and searchable from within oversight.garden, but will not be indexed by any crawlers which honor the noindex signal.
The list of noindex'd reports is managed in a list in config/noindex.yaml, which is versioned. The noindex.yaml file must be updated and the app redeployed for a new noindex value to take effect.
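The mechanism described above, as an added example that is not code from this pull request or from oversight.garden: a versioned list decides whether the report details page carries the `X-Robots-Tag` header and the robots meta tag, and a small audit confirms a rendered response carries both or neither. The YAML layout, the "inspector/report_id" key format, the sample entries and all function names are assumptions.

```javascript
// Added example: not oversight.garden's code. The YAML layout, the
// "inspector/report_id" key format and all function names are assumptions.

// Constructed sample of what config/noindex.yaml might contain.
const SAMPLE_NOINDEX_YAML = `
# reports excluded from search-engine indexing
- exampleig/2015-AUD-001
- "otherig/RPT 17-02"
`;

// Parse a flat YAML sequence of strings (only the subset used above).
function parseNoindexList(yamlText) {
  const keys = new Set();
  for (const raw of yamlText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = /^-\s+(.*)$/.exec(line);
    if (!m) throw new Error(`unsupported line in noindex list: ${raw}`);
    keys.add(m[1].replace(/^(["'])(.*)\1$/, "$2")); // strip matching quotes
  }
  return keys;
}

// Decide which crawler signals the report details page should carry.
function noindexSignals(inspector, reportId, noindexKeys) {
  const listed = noindexKeys.has(`${inspector}/${reportId}`);
  return {
    noindex: listed,
    headers: listed ? { "X-Robots-Tag": "noindex" } : {},
    metaTag: listed ? '<meta name="robots" content="noindex">' : "",
  };
}

// Post-deploy check: a listed report must carry both signals, an unlisted
// report neither. Header names are compared case-insensitively.
function auditResponse(expectNoindex, headers, html) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = String(v);
  const hasHeader = /\bnoindex\b/i.test(lower["x-robots-tag"] || "");
  const hasMeta = /<meta\s+name=["']robots["']\s+content=["'][^"']*noindex/i.test(html);
  return hasHeader === expectNoindex && hasMeta === expectNoindex;
}
```

Running `auditResponse` against a listed report's details page after each redeploy catches the case where the list was edited but the running app still serves the old value.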