Closed striezel closed 3 years ago
twolfson
commented
3 years ago LGTM. Not associating with a deploy since this only affects devDependencies =/
I believe I took care of any critical underscore/grunt dependencies (GitHub told me about a lot of them)
striezel
commented
3 years ago Not associating with a deploy since this only affects
devDependencies=/
Fair enough. :)
I believe I took care of any critical
underscore/gruntdependencies (GitHub told me about a lot of them)
Well, I did not check every repository here, just the ones I came across when working on other projects. Anyways, it is excellent to see that you reacted swiftly and also took actions yourself to fix the critical stuff. :+1:
striezel
commented
3 years ago I believe I took care of any critical
underscore/gruntdependencies (GitHub told me about a lot of them)
@twolfson: One more PR with grunt etc. updates is still open: twolfson/foundry-release-npm#2 Just pointing this out to be on the safe side, because I am not sure if you missed it or just haven't gotten around to it yet.
twolfson
commented
3 years ago Ah, thanks for the heads up! Yep, totally missed that one. Must have fallen through the cracks with email archiving/snoozing =/
These updates fix vulnerabilities in (dev) dependencies.
Note: nodeunit, a dev dependency, is unmaintained, and therefore one vulnerability remains. Still better than not updating at all though. :)