New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publish latest version to registry #25
Labels
Comments
The mocha version has no bearing on the security of actual use because it
is only used to test this module, but it would make sense for us to publish
yes.
…On Thu, Jan 20, 2022 at 8:30 AM Marius Korte ***@***.***> wrote:
Hi,
I was encountering security issues when auditing because of the old Mocha
version.
I saw that you recently updated the Mocha version used, but it seems like
you did not publish it to the registry (last update 2 years ago).
May I ask you to publish it so I can receive your patch via NPM?
—
Reply to this email directly, view it on GitHub
<#25>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAH27JOR7MZ5DRTAKHML63UXAE6LANCNFSM5MMYFCXQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
--
THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER
APOSTROPHECMS | apostrophecms.com | he/him/his
|
Yeah I know that, but as it is listed as a prod dependency in the published version from April 2020, the audit throws a warning. |
Quite right. Would you like to submit a PR to make this a devDependency?
…On Thu, Jan 20, 2022 at 12:11 PM Marius Korte ***@***.***> wrote:
Yeah I know that, but as it is listed as a prod dependency in the
published version from April 2020, the audit throws a warning.
—
Reply to this email directly, view it on GitHub
<#25 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAH27JZ3JII6ELR5EBT35LUXA63FANCNFSM5MMYFCXQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you commented.Message ID:
***@***.***>
--
THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER
APOSTROPHECMS | apostrophecms.com | he/him/his
|
This has already been done in #18. Unfortunately this change is also not in the registry yet. |
This was published yesterday. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I was encountering security issues when auditing because of the old Mocha version as a productive dependency.
I saw that you recently updated the Mocha version used and in 2020 also changed it to a dev dependency, but it seems like you did not publish it to the registry since then.
May I ask you to publish it so I can receive your patch via NPM?
The text was updated successfully, but these errors were encountered: