Spencer update npm deps #4501

Merged
merged 5 commits into from
Aug 6, 2018

@spencern spencern commented Aug 5, 2018

This PR updates a few dependencies to satisfy the snyk vulnerability scan.

fix: remove unused babel dynamic dev deps
Removes babel-plugin-syntax-dynamic-import @6.18.0
and babel-plugin-dynamic-import-node @1.2.0 from package-lock.json.
Both were removed automatically when running `meteor npm install`.

fix: update slugify and pin to 1.3.1
Updates slugify version from 1.3.0 (^1.2.9) to 1.3.1 and pins to 1.3.1

fix: update react to 16.4.2
Updates our pinned version of react from 16.4.1 to 16.4.2

fix: update react-dom to 16.4.2
Fixes a snyk reported vulnerability on react-dom by
bumping our pinned version from 16.4.1 to 16.4.2

fix: adds chownr to snyk ignore file
Chownr has a recently reported issue to snyk, though the issue itself
has been known for over a year. isaacs/chownr#14
This issue has been introduced via sharp via tar and tar-fs npm packages

We'll continue to follow this issue on the chownr repo. And I've added
a comment to the issue thread. isaacs/chownr#14 (comment)
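
The chownr note above says the package is present only transitively (via sharp, through tar and tar-fs). As an added example, not code from this PR or the project: a Node.js function that lists the dependency chains leading to a package in an npm v1 `package-lock.json`, a check worth running before adding a scanner ignore entry. The `sampleLock` graph, the `0.0.0` versions and the names `resolve` and `pathsTo` are constructed for illustration.

```javascript
// Constructed sample in npm lockfile v1 layout (top-level "dependencies",
// each entry with "requires" and optional nested "dependencies").
// Package names follow the PR text; the graph and 0.0.0 versions are made up.
const sampleLock = {
  dependencies: {
    sharp: { version: "0.0.0", requires: { tar: "*", "tar-fs": "*" } },
    tar: { version: "0.0.0", requires: { chownr: "*" } },
    "tar-fs": { version: "0.0.0", requires: { chownr: "*", pump: "*" } },
    chownr: { version: "0.0.0" },
    pump: { version: "0.0.0" },
    slugify: { version: "1.3.1" }
  }
};

// Node-style resolution: look in the innermost node_modules scope first,
// then walk outwards to the root of the lockfile.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (Object.prototype.hasOwnProperty.call(scopes[i], name)) {
      return { node: scopes[i][name], scopes: scopes.slice(0, i + 1) };
    }
  }
  return null; // optional or missing dependency
}

// Returns every chain "direct > ... > target" reachable from the given
// direct dependencies (the names listed in package.json).
function pathsTo(lock, directDeps, target) {
  const found = [];
  const walk = (name, scopes, chain) => {
    if (chain.includes(name)) return; // guard against dependency cycles
    const hit = resolve(name, scopes);
    if (!hit) return;
    const next = chain.concat(name);
    if (name === target) {
      found.push(next.join(" > "));
      return;
    }
    const nested = hit.node.dependencies;
    const inner = nested ? hit.scopes.concat([nested]) : hit.scopes;
    for (const req of Object.keys(hit.node.requires || {})) walk(req, inner, next);
  };
  for (const dep of directDeps) walk(dep, [lock.dependencies || {}], []);
  return found;
}

console.log(pathsTo(sampleLock, ["sharp", "slugify"], "chownr"));
```

Against a real checkout, pass the parsed `package-lock.json` and the dependency names from `package.json`; lockfiles written by npm 7 and later add a `packages` map that this function does not read.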

@spencern spencern added this to the Jupiter milestone Aug 5, 2018
@spencern spencern requested a review from nnnnat August 5, 2018 23:12
nnnnat previously requested changes Aug 6, 2018

@nnnnat nnnnat left a comment

Should we also bump React to version 16.4.2?

Updates pinned version of React from 16.4.1 to 16.4.2
@spencern spencern dismissed nnnnat’s stale review August 6, 2018 14:37

Updated react to 16.4.2

@nnnnat nnnnat left a comment

👍

@nnnnat nnnnat merged commit c8b0d8f into release-1.14.0 Aug 6, 2018
@nnnnat nnnnat deleted the spencer-update-npm-deps branch August 6, 2018 15:12
2 participants