Do periodic security update (yarn audit) #504
Comments
|
Adding: #506 (sinon) |
|
Adding: #507 (minimist, again) |
|
Adding:
|
|
Adding: #511 (lodash, again) |
|
Adding: #512 (opn) |
|
Adding: #516 (node-bourbon) |
|
Adding: #520 (npm-keyword) |
|
Adding: #523 ( 🤦♂️ — no idea what actually changed between these revs (compare link doesn't work) as we don't actually control the release process. Will have to download them and compare to see the difference... Can't see any security-related differences (ie. no dependencies change). |
|
Adding: #525 ( Although TBH will probably move this project into the monorepo before doing this next update. |
|
Adding: #526 ( |
|
Adding: #527 ( |
|
Adding: #529 ( 🤦♂️ — I love it when dependabot tells us about our own projects... |
|
Adding: #530 ( |
|
Adding: #531 ( |
|
Adding: #532 ( |
|
Adding: #537 ( |
|
Won't be doing this in this repo — we've migrated over here. |
This issue is a reminder to do a periodic security update; analogous to the issue we opened in liferay-npm-tools.
This substitutes these currently open dependabot PRs:
Will also be pushing a PR analogous to this one, which will update our dependabot config.
Please see #199 for some historical context about
yarn auditin this repo; I expect we'll keep that open as the "reference" issue containing our overall policy for security-related updates in this repo, and create smaller issues like this one for periodic updates. (This repo has some old legacy dependencies, but is mostly internal/developer facing with little or no production-level/runtime exposure, so the audit output is simultaneously very noisy, but needs to be weighed appropriately given the factors which significantly mitigate risks.)The text was updated successfully, but these errors were encountered: