wayneashleyberry / wunderline

✅️ Command-line client for Wunderlist, the easiest way to get stuff done.
https://git.io/vM45l
MIT License
310 stars 29 forks

Security updates #119

Closed wayneashleyberry closed 6 years ago

wayneashleyberry commented 6 years ago

Thor77 commented 6 years ago

> Removes Code Climate reporting, sadly the package is riddled with security issues

Uh, I don't think that's a good reason to remove the badge + reporting. I think we should try to fix those issues instead.

wayneashleyberry commented 6 years ago

@Thor77 the code climate reporter we were using has critical security issues and has been deprecated. It's nice to have, and we can look into integrating their new reporter.

But considering the following warnings, I thought it best to remove it as soon as possible.

```
[!] 8 vulnerabilities found [180 packages audited]
    Severity: 1 Low | 5 Moderate | 1 High | 1 Critical
    Run `npm audit` for more detail
```

Thor77 commented 6 years ago

Oh, you're absolutely right. I understood your message as

> Removes Code Climate reporting, sadly the package [wunderline] is riddled with security issues

and therefore it seemed like a bad decision to me. But yeah, integrating the new reporter is still a good idea.