Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove npm audit whitelisted package - Acorn #5814

Closed
1 task
sareh opened this issue Mar 9, 2020 · 2 comments · Fixed by #6128
Closed
1 task

Remove npm audit whitelisted package - Acorn #5814

sareh opened this issue Mar 9, 2020 · 2 comments · Fixed by #6128
Assignees
@j-pendlebury
Labels
ws-articles Tasks for the WS Articles Team ws-media World Service Media
Projects
Simorgh

Comments

@sareh
Copy link
Contributor

sareh commented Mar 9, 2020
edited by FK78

Is your feature request related to a problem? Please describe.
In #5811 we added acorn to the audit-ci whitelist, since other dependencies of ours need to include the updated acorn dependency.

We should remove the --whitelist acorn from the script.

Describe the solution you'd like
After these PRs that should patch the vulnerabilities:

We should update our dependencies and remove the whitelist.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Testing notes
[Tester to complete]

Dev insight: Will Cypress tests be required or are unit tests sufficient? Will there be any potential regression? etc

  • This feature is expected to need manual testing.

Additional context
Add any other context or screenshots about the feature request here.
@sareh sareh added blocked This issue should not be worked on until another internal issue is completed - see desc for details ws-articles Tasks for the WS Articles Team ws-home ws-media World Service Media labels Mar 9, 2020
@sareh sareh added this to To do in Simorgh via automation Mar 9, 2020
@FK78 FK78 moved this from To do to Blocked (by something outside pod) in Simorgh Mar 9, 2020
@mulholo
Copy link

mulholo commented Mar 10, 2020

Webpack bundle analyzer done for you! webpack-contrib/webpack-bundle-analyzer#339

@j-pendlebury j-pendlebury changed the title Remove npm audit whitelisted package Remove npm audit whitelisted package - Acorn Mar 17, 2020
@j-pendlebury j-pendlebury mentioned this issue Mar 17, 2020
Closed
1 task
@FK78
Copy link
Contributor

FK78 commented Apr 6, 2020

Webpack has patched the vulnerability: https://github.com/webpack/webpack/releases/tag/v4.42.1

@FK78 FK78 removed the blocked This issue should not be worked on until another internal issue is completed - see desc for details label Apr 6, 2020
@FK78 FK78 moved this from Blocked (by something outside pod) to Ready for dev in Simorgh Apr 6, 2020
@j-pendlebury j-pendlebury self-assigned this Apr 6, 2020
@j-pendlebury j-pendlebury moved this from Ready for dev to Issue in Progress in Simorgh Apr 6, 2020
@j-pendlebury j-pendlebury mentioned this issue Apr 7, 2020
Merged
4 tasks
Simorgh automation moved this from Issue in Progress to Done Apr 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@j-pendlebury j-pendlebury

Labels
ws-articles Tasks for the WS Articles Team ws-media World Service Media
Projects
No open projects
Simorgh
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update dependencies bbc/simorgh
4 participants
@sareh @j-pendlebury @mulholo @FK78