maranran / eslint-plugin-vue-a11y

Static AST checker for accessibility rules on elements in .vue
MIT License
161 stars 21 forks source link

Fixes #23 #24

Open sobolevn opened 4 years ago

sobolevn commented 4 years ago

I've done several things here:

npm audit

npm audit said that this package contains several security vulnerabilities:

found 8 vulnerabilities (1 low, 5 high, 2 critical)
  run `npm audit fix` to fix them, or `npm audit` for details

I have fixed them like so:

» npm audit fix
npm WARN eslint-plugin-vue-a11y@0.0.31 No repository field.

added 1 package from 1 contributor and updated 2 packages in 4.347s
fixed 6 of 8 vulnerabilities in 330 scanned packages
  1 package update for 2 vulnerabilities involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

» npm audit

                       === npm audit security report ===                        

# Run  npm install --save-dev mocha@6.2.2  to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ growl                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > growl                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/146                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > debug                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/534                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

found 2 vulnerabilities (1 low, 1 critical) in 331 scanned packages
  2 vulnerabilities require semver-major dependency updates.

» npm install --save-dev mocha@6.2.2
npm WARN eslint-plugin-vue-a11y@0.0.31 No repository field.

+ mocha@6.2.2
added 36 packages from 16 contributors, removed 14 packages, updated 8 packages and audited 463 packages in 10.048s
found 0 vulnerabilities

Now, all packages are safe!

package.json warnings

I have fixed npm WARN eslint-plugin-vue-a11y@0.0.31 No repository field. by adding a repository field.

Tests and linter

I have fixed all npm run lint issues and fixed test to pass

travis ci

I have added .travis.yml so you can have a ci for each push. It should just work after enabling this repo at https://travis-ci.com/

new dependencies

I have fixed #23 and updated dependencies.

genevagrant commented 4 years ago

Hey @maranran Love the repo - any idea if/when you could take a look at @sobolevn 's PR?

Hoping to use this with latest eslint