Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address Security and Unused Package Issues #10

Merged
merged 1 commit into from
Sep 6, 2018
Merged

Address Security and Unused Package Issues #10

merged 1 commit into from
Sep 6, 2018

Conversation

yuliyv
Copy link

@yuliyv yuliyv commented Sep 6, 2018

There were several issues with the package.json that this PR resolves

  • clayutils, nymag-fs, and xml-js were not used anywhere
  • lodash was not explicitly included as a dev dependency even though it is explicitly used by our tests
  • Security issue with lodash@4.17.4
  • Security issue with sshpk@1.13.1
    • This one is particularly hairy. coveralls requires http-signature which requires sshpk. The PR into http-signature for the fix is getting ignored, so instead I have just included the package explicitly in our repository so that we stop requiring the version which has the vulnerability

Additionally the logging had amphoraSearchVersion instead of amphoraRss version in the metadata.

@coveralls
Copy link

Pull Request Test Coverage Report for Build 39

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 100.0%
Totals Coverage Status
Change from base Build 37: 0.0%
Covered Lines: 136
Relevant Lines: 136
💛 - Coveralls

amycheng
amycheng approved these changes Sep 6, 2018
View reviewed changes
Copy link

@amycheng amycheng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯 PR description

@yuliyv yuliyv merged commit 88b1e89 into clay:master Sep 6, 2018
@yuliyv yuliyv deleted the package-cleanup branch September 6, 2018 19:32
This was referenced Sep 6, 2018
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonwinton jonwinton jonwinton approved these changes

@amycheng amycheng amycheng approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@yuliyv @coveralls @amycheng @jonwinton