Ensure to have secure dependencies (decompress & download) #7537

preshetin · 2020-04-02T18:48:23Z

What did you implement

Update to secure versions of decompress & download dependencies.

Run npm audit and you'll get this in the end (no high severity):

found 25 vulnerabilities (24 low, 1 moderate) in 8084 scanned packages
  run `npm audit fix` to fix 24 of them.

Useful Scripts

npm run test:ci --> Run all validation checks on proposed changes
npm run lint:updated --> Lint all the updated files
npm run lint:fix --> Automatically fix lint problems (if possible)
npm run prettier-check:updated --> Check if updated files adhere to Prettier config
npm run prettify:updated --> Prettify all the updated files

Is this ready for review?: YES
Is it a breaking change?: NO

neverendingqs · 2020-04-02T19:23:28Z

FYI it sounds like this is done as part of every release: #7531 (comment)

preshetin · 2020-04-02T19:26:29Z

@neverendingqs thanks Mark for letting me know. So should I better close this PR?

neverendingqs · 2020-04-02T19:28:32Z

@preshetin yes I believe so.

Besiara · 2020-05-15T09:07:55Z

Why you closed this PR, looks like the issue still persists. A version of download should be updated to 8.0.0

chore: Ensure to update to secure dependencies

f050d59

preshetin closed this Apr 2, 2020

preshetin deleted the vulnerable-dependencies-decompress branch April 30, 2020 11:24