Security updates #3633
Security updates #3633
Conversation
client/package.json
Outdated
| @@ -108,7 +108,7 @@ | |||
| "start-production": "NODE_ENV=production node server.js", | |||
| "test": "jest", | |||
| "coveralls": "cat coverage/lcov.info | coveralls", | |||
| "lint": "eslint app server.js && stylelint src && sass-lint -v", | |||
| "lint": "eslint app server.js && stylelint --allow-empty-input src && sass-lint -v", | |||
There was a problem hiding this comment.
There was a problem hiding this comment.
ccing @bboreham too.
| @@ -108,7 +108,7 @@ | |||
| "start-production": "NODE_ENV=production node server.js", | |||
| "test": "jest", | |||
| "coveralls": "cat coverage/lcov.info | coveralls", | |||
| "lint": "eslint app server.js && stylelint --allow-empty-input src && sass-lint -v", | |||
| "lint": "eslint app server.js && stylelint app/scripts && sass-lint -v", | |||
There was a problem hiding this comment.
I played around with stylelint-scss and other things, to no avail. As somebody not knowledgeable, this takes a bit much time to investigate. Happy to file an issue about this to track it further.
There was a problem hiding this comment.
I retract my last comment. Apparently we run sass-lint over the files in this directory. The current fix should be good. A look over it from Simon or Filip wouldn't hurt though.
There was a problem hiding this comment.
There is no directory src in the same place as app/scripts, so this line wasn't checking anything before?
There was a problem hiding this comment.
Yes. I didn't do any git archaeology to find out if there ever was a src directory, but at least this is checking the scripts now and as a I said, sass-lint takes care of the rest.
|
Clarification: they are not "known security issues in Scope", they are "known security issues in the dependencies, which are not believed to affect Scope but best to be safe". |
|
Thanks for the clarification, yes. |
dholbach
force-pushed
the
security-updates
branch
from
9bc1b6c to
8602915
Compare
I updated a bunch of Javascript dependencies to eliminate some known security issues in Scope. Probably not all of them are fixed in this round, it also brings us closer to upstream's latest and greatest.