Open sobolevn opened 4 years ago
I've done several things here:
npm audit said that this package contains several security vulnerabilities:
npm audit
found 8 vulnerabilities (1 low, 5 high, 2 critical) run `npm audit fix` to fix them, or `npm audit` for details
I have fixed them like so:
» npm audit fix npm WARN eslint-plugin-vue-a11y@0.0.31 No repository field. added 1 package from 1 contributor and updated 2 packages in 4.347s fixed 6 of 8 vulnerabilities in 330 scanned packages 1 package update for 2 vulnerabilities involved breaking changes (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually) » npm audit === npm audit security report === # Run npm install --save-dev mocha@6.2.2 to resolve 2 vulnerabilities SEMVER WARNING: Recommended action is a potentially breaking change ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Critical │ Command Injection │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ growl │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ mocha [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ mocha > growl │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/146 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Low │ Regular Expression Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ debug │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ mocha [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ mocha > debug │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/534 │ └───────────────┴──────────────────────────────────────────────────────────────┘ found 2 vulnerabilities (1 low, 1 critical) in 331 scanned packages 2 vulnerabilities require semver-major dependency updates. » npm install --save-dev mocha@6.2.2 npm WARN eslint-plugin-vue-a11y@0.0.31 No repository field. + mocha@6.2.2 added 36 packages from 16 contributors, removed 14 packages, updated 8 packages and audited 463 packages in 10.048s found 0 vulnerabilities
Now, all packages are safe!
I have fixed npm WARN eslint-plugin-vue-a11y@0.0.31 No repository field. by adding a repository field.
npm WARN eslint-plugin-vue-a11y@0.0.31 No repository field.
repository
I have fixed all npm run lint issues and fixed test to pass
npm run lint
I have added .travis.yml so you can have a ci for each push. It should just work after enabling this repo at https://travis-ci.com/
.travis.yml
I have fixed #23 and updated dependencies.
Hey @maranran Love the repo - any idea if/when you could take a look at @sobolevn 's PR?
Hoping to use this with latest eslint
I've done several things here:
npm audit
npm audit
said that this package contains several security vulnerabilities:I have fixed them like so:
Now, all packages are safe!
package.json warnings
I have fixed
npm WARN eslint-plugin-vue-a11y@0.0.31 No repository field.
by adding arepository
field.Tests and linter
I have fixed all
npm run lint
issues and fixed test to passtravis ci
I have added
.travis.yml
so you can have a ci for each push. It should just work after enabling this repo at https://travis-ci.com/new dependencies
I have fixed #23 and updated dependencies.