Run automatic fix for open advisories #41
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`npm audit fix` run on top of commit b919d1d, solves: * https://www.npmjs.com/advisories/755 * https://www.npmjs.com/advisories/788 * https://www.npmjs.com/advisories/813 The following advisory remains unaddressed: * https://www.npmjs.com/advisories/745
|
FYI I just opened a PR on |
|
Thanks you, I just came here open a ticket for this |
|
Thank u for the pr, I will merge it asap |
|
Done, version 2.5.3 has been released. |
|
Thanks for the very quick response time! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
npm audit fixrun on top of commit b919d1d, solves:The following advisory remains unaddressed:
Further details
We're trying to get rid of open advisories as advertised by
npm auditin https://github.com/digital-asset/daml-js, some of which lead to this project. The expected security risk is very low, but we'd still like to get the low hanging fruits.I haven't been able to run
npm testto verify I didn't introduce any regression, is there something I'm missing on how to run tests on this project?I'd like to take advantage of this situation to thank you for the work you have done on this project. I hope I can contribute something more substantial to it in the future. 🙂