Update package.json #76
Comments
|
Same alert appears in
|
|
It will appear wherever Polymer 2.0 appears. |
|
Closing as it's a false flag, see request/request#2926 (comment) Extra assurance from a GH staffer: hapijs/hoek#247 (comment) |
|
Reopening as 2.16.3 is indeed infected. The false flag was for 4.2.1. |
warpech
modified the milestones:
Web Platform Team urgent issues,
WETO Update client side packages
|
This is not urgent, moving to July. |
|
Web Components Tester 6.7.0 was released this week. I suppose it might fix the vulnerabilities alerts: https://github.com/Polymer/tools/releases/tag/web-component-tester%406.7.0 Edit: it might not be enough, given this PR that was started afterwards: Polymer/tools#533 |
|
Polymer/tools#533 is still WIP |
|
Meanwhile, I can see that some of our vulnerabilities actually don't depend on it:
|
PR in Palindrom/Palindrom#213 |
|
There is a general solution that should be applied in all affected repos that have @alshakero could you pls apply it in all relevant repos? |
|
What's the status of this? |
|
It is blocked by this Palindrom/Palindrom#213 |
|
Meanwhile, can you look at other custom element repos, such as https://github.com/Starcounter/starcounter-layout-html-editor? |
|
Closing as finally done. I think all security warnings are fixed at this point except Blending's one which should be fixed here https://github.com/Starcounter/Blending/pull/277. Are you aware of any other security warnings? |
|
Do you have "Vulnerability alerts" subscribed on the page https://github.com/settings/notifications? Every day I get a daily digest with the repos that still have vulnerabilities. Today's report includes:
|
Now I do. Blending should be fixed by this PR https://github.com/Starcounter/Blending/pull/277 |
|
Closing as all fixed. |
|
Huge victory! Thanks everyone involved |
For reasons enclosed on Slack: https://starcounter.slack.com/archives/C7677F70W/p1524776857000399
The text was updated successfully, but these errors were encountered: