This repository has been archived by the owner on Aug 20, 2020. It is now read-only.

Pull Request for Issue #86 - Fix dependency vulnerabilities #87

Closed
wants to merge 15 commits into from


robincher
Contributor

@robincher robincher commented May 16, 2018

Fixes #86

Checklist

  • I have made a material change to the repo (functionality, testing, spelling, grammar)
  • I have read the [Contribution Guide] and my PR follows them.
  • I updated my branch with the master branch.
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation about the functionality in the appropriate .md file
  • I have added in line documentation to the code I modified

Short description of what this PR does:

  • Update esdoc dev dependency version
  • Remove the marked (sub-dependency of esdoc) vulnerability
  • Bump package.json version by minor increment
  • Update License End-Year based on existing test requirement

@SendGridDX

SendGridDX commented May 16, 2018

CLA assistant check
All committers have signed the CLA.

@robincher
Contributor Author

robincher commented May 16, 2018

Additional vulnerabilities were flagged by running npm audit, and it was suggested to bump up the mocha version to 5.x.x. Should I fix that within this pull request too? @thinkingserious @mbernier

@thinkingserious
Contributor

This is awesome @robincher!

I've added this to our backlog for a review and merge.

With Best Regards,

Elmer

package.json Outdated
@@ -5,7 +5,7 @@
],
"name": "sendgrid-rest",
"description": "HTTP REST client, simplified for Node.js.",
"version": "2.4.0",
"version": "2.4.1",
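Review bot: the "version" change on the last two lines of this hunk (2.4.0 to 2.4.1) is a patch-level bump, not the minor increment the PR description states, and it puts a release decision into a dependency-fix PR. Suggest dropping the version edit and leaving "version": "2.4.0" so the PR is limited to the dependency updates it describes; if a bump is kept, the description should say patch and package-lock.json should carry the same version in the same commit.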
Contributor

Please set this back to 2.4.0. I will be updating the version number at the next release. Thanks!

Contributor Author

Got it, will commit the corresponding package-lock.json too.

@robincher
Contributor Author

robincher commented Oct 3, 2018

Hi @thinkingserious, additionally I updated the dev dependency - mocha - to the latest. The previous version 2.x.x was having vulnerabilities if you run npm audit. I have run the local test and it's all good.

Update
Seems like the latest Mocha will cause the build to fail, especially at the latest node version. Maybe I can do another PR to fix this while updating the travis config?

@thinkingserious
Contributor

Note to code reviewers: we need to make sure none of these updates are breaking changes.

@thinkingserious
Contributor

Hello @robincher,

Thanks again for the PR!

It's HACKTOBERFEST! We want to show our appreciation by sending you some special Hacktoberfest swag. If you have not already, could you please fill out this form so we can send it to you? Thanks!

Team SendGrid DX

@robincher
Contributor Author

Oops, sorry @thinkingserious, I have a separate PR (incoming), so I have reverted the wrong commits. Need you to re-sign the CLA again :(

Merge upstream commits for mocha
@thinkingserious
Contributor

thinkingserious commented Dec 26, 2019

Closing in favor of #117

Development

Successfully merging this pull request may close these issues.

Remove marked security vulnerability
3 participants