Update package-lock.json #384

Closed
dougaitken opened this issue Jan 10, 2018 · 3 comments
@dougaitken
Member

dougaitken commented Jan 10, 2018

Yo @nylen you able to grab this and walk me through a how-to for similar?

https://github.com/remoteintech/remote-jobs/blob/3bbfe49a51f7765b07aaf489580f731196e75cf1/package-lock.json

Cheers!

@nylen
Collaborator

nylen commented Jan 10, 2018

I assume that GitHub is complaining about one of our dependencies or sub-dependencies, but I can't see which one since this feature is limited to repo admins by default: https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/

I usually use this tool to update dependencies: https://github.com/tjunnone/npm-check-updates

@dougaitken
Member Author

Yea, for some reason the comment cut off a line:

"The marked dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 0.3.9 and should be updated. Review vulnerable dependency"

Hah. I'll try that myself tomorrow or something but I'll probably break it 😂

@nylen
Collaborator

nylen commented Jan 10, 2018

See #387. Here's what I did:

✓ james@xps15 ~/code/remote-jobs $ npm install -g npm-check-updates
/home/james/.nvm/versions/node/v9.3.0/bin/npm-check-updates -> /home/james/.nvm/versions/node/v9.3.0/lib/node_modules/npm-check-updates/bin/npm-check-updates
/home/james/.nvm/versions/node/v9.3.0/bin/ncu -> /home/james/.nvm/versions/node/v9.3.0/lib/node_modules/npm-check-updates/bin/ncu
+ [email protected]
updated 10 packages in 19.993s
✓ james@xps15 ~/code/remote-jobs $ ncu
Using /home/james/code/remote-jobs/package.json
[..................] / :
The following dependency is satisfied by its declared version range, but the installed version is behind. You can install the latest version without modifying your package file by using npm update. If you want to update the dependency in your package file anyway, run ncu -a.

 marked  ^0.3.7  →  ^0.3.12 

✓ james@xps15 ~/code/remote-jobs $ ncu -a
Using /home/james/code/remote-jobs/package.json
[..................] - :
 marked  ^0.3.7  →  ^0.3.12 

Upgraded /home/james/code/remote-jobs/package.json

✓ james@xps15 ~/code/remote-jobs $ npm install
npm WARN remote-jobs No repository field.
npm WARN remote-jobs No license field.

updated 1 package in 1.13s
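
Added example (not part of the thread or the project's code): the alert quoted above is raised against the version pinned in package-lock.json, so a quick check is to walk the lockfile and list every locked copy of `marked` below 0.3.9, including nested ones. It assumes the lockfileVersion 1 layout (a nested `dependencies` tree); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: list locked copies of a package that sit below a fixed version.
// The 0.3.9 threshold comes from the alert text quoted in the thread.

// Return [major, minor, patch] as numbers, or null for non-semver entries
// (for example git or tarball references).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison: 0.3.12 is NOT below 0.3.9, although it sorts lower as a string.
function isBelow(version, fixed) {
  const a = parseVersion(version), b = parseVersion(fixed);
  if (!a || !b) return false; // cannot compare, so do not report
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal to the fixed version means not vulnerable
}

// Walk the "dependencies" tree recursively so nested copies are found too.
function findVulnerable(node, name, fixed, path = []) {
  const found = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name && isBelow(info.version, fixed)) {
      found.push({ path: here.join(' > '), version: info.version });
    }
    found.push(...findVulnerable(info, name, fixed, here));
  }
  return found;
}

// Constructed sample, not the repository's real lockfile.
const sampleLock = {
  name: 'example',
  lockfileVersion: 1,
  dependencies: {
    marked: { version: '0.3.7' },
    'some-tool': {
      version: '1.2.0',
      dependencies: { marked: { version: '0.3.12' } },
    },
  },
};

console.log(findVulnerable(sampleLock, 'marked', '0.3.9'));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of `sampleLock`.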
