Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updated saucelabs and lodash versions to fix security vulnerabilities #231

Merged
merged 1 commit into from Jan 6, 2019
Merged

updated saucelabs and lodash versions to fix security vulnerabilities #231

merged 1 commit into from Jan 6, 2019

Conversation

digitalfrost
Copy link
Contributor

Updated lodash fixes: https://nodesecurity.io/advisories/577

Updated saucelabs fixes: https://nodesecurity.io/advisories/593

According to npm audit these should be a non breaking changes

This was referenced Nov 5, 2018
Open
Closed
@admc
Copy link

admc commented Nov 5, 2018

Cool!

@Jonahss
Copy link
Collaborator

Jonahss commented Nov 5, 2018

@digitalfrost you have publish permissions for this module, right?

Also, hi @admc !

gcbw
gcbw approved these changes Nov 5, 2018
View reviewed changes
Copy link

@gcbw gcbw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@digitalfrost
Copy link
Contributor Author

@Jonahss - no I do not have publish permissions for this module.

@Jonahss
Copy link
Collaborator

Jonahss commented Nov 6, 2018

@digitalfrost Oh ok, I'll see what I can do.
Do you use grunt-saucelabs often?

@digitalfrost
Copy link
Contributor Author

@Jonahss - not directly - this issue affects the popular p5.js library as it uses grunt-saucelabs....

@mar10
Copy link
Contributor

mar10 commented Jan 6, 2019

@axemclion or @Jonahss could you please merge this PR and release?

@Jonahss
Copy link
Collaborator

Jonahss commented Jan 6, 2019

Thank you for the ping @mar10. I've just joined Jonathan Lipps as an Appium consultant at Cloud Grey so I'll be back in the testing industry! Will be able to be much more involved and responsive.

I was having trouble running the tests for this repository. I will merge your changes and publish now, but double check to make sure that everything works for you.

@Jonahss Jonahss merged commit a1168fb into axemclion:master Jan 6, 2019
@Jonahss
Copy link
Collaborator

Jonahss commented Jan 6, 2019

published as v9.0.1

@mar10
Copy link
Contributor

mar10 commented Jan 6, 2019

@Jonahss that was fast, thank you very much! Good to hear this cool tool gets some attention again.
Btw. I was just pinging. Kudos for the patch go to @digitalfrost ;-)

@mar10
Copy link
Contributor

mar10 commented Jan 6, 2019

btw. npm audit fix now fixed the high-classified warning and some.
There is still a low and a medium one, that might get fixed by bumping requestretry to the latest version 3.1.0, but this would be a potentially breaking change since it increments the major version?

@Jonahss
Copy link
Collaborator

Jonahss commented Jan 7, 2019

well if you can read the changes made in the newer version, maybe we could easily switch to it?

@mar10 mar10 mentioned this pull request Jan 7, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gcbw gcbw gcbw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@digitalfrost @admc @Jonahss @mar10 @gcbw