Fix cheerio security flaw

medialab / artoo

artoo.js - the client-side scraping companion.

http://medialab.github.io/artoo/

MIT License

1.1k stars 93 forks source link

Fix cheerio security flaw #284

Closed andykais closed 6 years ago

andykais commented 6 years ago

this PR has two commits, the first upgrades the cheerio version from 0.19.0 to 0.22.0. This addresses the security flaw noted here #283. The changes between versions are noted here.

The second commit adds a package-lock.json file to the project. This will describe the exact dependency tree to ensure all npm installs behave the same. However, if this is not something everyone is comfortable with adding to the repo, I can revert that commit.

Yomguithereal commented 6 years ago

@andykais can you just tell me whether the unit tests pass?

Yomguithereal commented 6 years ago

Sorry. Just remembered I have a CI for that :). Merging.