mozilla / blurts-server

Mozilla Monitor arms you with tools to keep your personal information safe. Find out what hackers already know about you and learn how to stay a step ahead of them.
https://monitor.mozilla.org
Mozilla Public License 2.0

Automate updating dependencies? #582

Closed pdehaan closed 6 months ago

pdehaan commented 5 years ago

Not sure if we want to use Renovate or Greenkeeper or something similar to keep the dependencies up to date.

I rm -rfed my ./node_modules/ and package-lock.json file and reinstalled everything from scratch and it seems that resolved the merge vuln module that was breaking CI recently. But, it seems like we have a few other stale modules:

$ npm outdated
Package             Current  Wanted   Latest  Location       x.y.z  dev?
babel-minify        0.4.3    0.4.3    0.5.0   blurts-server  minor  dev
dotenv              5.0.1    5.0.1    6.1.0   blurts-server  major  prod
eslint              4.19.1   4.19.1   5.8.0   blurts-server  major  dev
eslint-plugin-node  6.0.1    6.0.1    8.0.0   blurts-server  major  dev
fluent              0.8.1    0.8.1    0.9.1   blurts-server  minor  prod
got                 8.3.2    8.3.2    9.3.1   blurts-server  major  prod
htmllint-cli        0.0.6    0.0.6    0.0.7   blurts-server  patch  dev
jsdom               11.12.0  11.12.0  13.0.0  blurts-server  major  prod
knex                0.14.6   0.14.6   0.15.2  blurts-server  minor  prod
onchange            4.1.0    4.1.0    5.1.0   blurts-server  major  dev

$ npm run lint:audit

> blurts-server@0.0.1 lint:audit /Users/pdehaan/dev/github/mozilla/blurts-server
> npm audit

                       === npm audit security report ===

found 0 vulnerabilities
 in 30273 scanned packages

EMMLynch commented 6 months ago

Closing since we've redesigned the site and functionality since this was created. If you feel that this is still needed, please let me know.