-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update package.json #76
Comments
Same alert appears in
|
It will appear wherever Polymer 2.0 appears. |
Closing as it's a false flag, see request/request#2926 (comment) Extra assurance from a GH staffer: hapijs/hoek#247 (comment) |
Reopening as 2.16.3 is indeed infected. The false flag was for 4.2.1. |
This is not urgent, moving to July. |
Web Components Tester 6.7.0 was released this week. I suppose it might fix the vulnerabilities alerts: https://github.com/Polymer/tools/releases/tag/web-component-tester%406.7.0 Edit: it might not be enough, given this PR that was started afterwards: Polymer/tools#533 |
Polymer/tools#533 is still WIP |
Meanwhile, I can see that some of our vulnerabilities actually don't depend on it:
|
PR in Palindrom/Palindrom#213 |
There is a general solution that should be applied in all affected repos that have @alshakero could you pls apply it in all relevant repos? |
What's the status of this? |
It is blocked by this Palindrom/Palindrom#213 |
Meanwhile, can you look at other custom element repos, such as https://github.com/Starcounter/starcounter-layout-html-editor? |
Closing as finally done. I think all security warnings are fixed at this point except Blending's one which should be fixed here https://github.com/Starcounter/Blending/pull/277. Are you aware of any other security warnings? |
Do you have "Vulnerability alerts" subscribed on the page https://github.com/settings/notifications? Every day I get a daily digest with the repos that still have vulnerabilities. Today's report includes:
|
Now I do. Blending should be fixed by this PR https://github.com/Starcounter/Blending/pull/277 |
Closing as all fixed. |
For reasons enclosed on Slack: https://starcounter.slack.com/archives/C7677F70W/p1524776857000399
The text was updated successfully, but these errors were encountered: