Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dep. - Update vulnerable dependencies ('AVA', 'json-schema') #98

Closed
5 tasks done
elycruz opened this issue Jul 20, 2022 · 1 comment
Closed
5 tasks done

Dep. - Update vulnerable dependencies ('AVA', 'json-schema') #98

elycruz opened this issue Jul 20, 2022 · 1 comment
Assignees
@elycruz
Labels
dependencies Pull requests that update a dependency file enhancement

Comments

@elycruz
Copy link
Owner

elycruz commented Jul 20, 2022
edited

We need to upgrade currently vulnerable dependencies in the repo - Latest npm audit shows to vulnerabilities one critical and another moderate which should be updated.

Additionally part of the dependencies upgrade solves an issue with installing the latest version of the plugin on *nix systems (see issue #97 ).

Acceptance Criteria

Perform required updates:

  • Run npm audit fix on repo.
  • Upgrade 'ava' version to a minimum of 4.3.1.
    • Take a look at "Breaking Changes" section, in AVA 4 release notes
    • Fix tests which break after update.
    • Make required changes from (AVA 4) release notes.
@elycruz elycruz self-assigned this Jul 20, 2022
@elycruz elycruz added enhancement dependencies Pull requests that update a dependency file labels Jul 20, 2022
elycruz added a commit that referenced this issue Jul 20, 2022
@elycruz
issue-#98,#97 - Ran 'npm audit fix'.
198c1d3 
- Updated 'ava' package version.
@elycruz elycruz mentioned this issue Jul 20, 2022
Closed
elycruz added a commit that referenced this issue Jul 20, 2022
@elycruz
issue-#98,#97 - Updated 'ts-node' and 'typescript' versions.
82dc1c8 
- Added '@ava/typescript' module to package (required by latest version of AVA).
- Updated tests to follow new syntax for 'after', and 'before, methods.
elycruz added a commit that referenced this issue Jul 20, 2022
@elycruz
#97, #98 - Ran 'npm run build' with latest typescript version.
e67d9a5
elycruz added a commit that referenced this issue Jul 20, 2022
@elycruz
#97, #98 - Added './ts3.5' directory files that were missed in previo…
99e5fa6 
…us commit.
elycruz added a commit that referenced this issue Jul 20, 2022
@elycruz
#97, #98 - Added './.npmignore' file.
029f101
elycruz added a commit that referenced this issue Jul 20, 2022
@elycruz
#97, #98 - Updated 'clean-and-run*' script's 'completed successfully'…
b43966f 
… message.

- Ran auto format on 'clean-and-run' script.
elycruz added a commit that referenced this issue Jul 20, 2022
@elycruz
#97, #98 - Updated package version.
3af202b
@elycruz elycruz mentioned this issue Jul 20, 2022
Merged
elycruz added a commit that referenced this issue Jul 21, 2022
@elycruz
#98 - Updated plugins 'custom' sass file importer to enforce load order.
bd90509 
- Updated 'SassImporterResult' type to match Sass's 'LegacyImporterResult' - We had defined our type because the version of sass the library using, and sass versions users might be using, did not/may not contain this type (so basically our type was that type but slightly imprecise (we had both 'file?:...', and 'content?:...'  as part of the same interface, but actually they need to be separate ones (:-))).
elycruz added a commit that referenced this issue Jul 21, 2022
@elycruz
#98 - Added note in 'getImporterList()' method.
2885fce
elycruz added a commit that referenced this issue Jul 21, 2022
@elycruz
Merge pull request #99 from differui/dev
184288d 
issue-#97 and #98 - Fix vulnerable dependencies
elycruz added a commit that referenced this issue Jul 21, 2022
@elycruz
#98 - Rebuilt artifacts.
909ff2d
elycruz added a commit that referenced this issue Jul 21, 2022
@elycruz
#98 - Re-built artifacts.
cec1be6
elycruz added a commit that referenced this issue Jul 21, 2022
@elycruz
#98 - Re-generated package-lock.json.
282f420 
- Updated package version.
elycruz added a commit that referenced this issue Jul 21, 2022
@elycruz
#98 - Updated package version.
b97c3fb
@elycruz
Copy link
Owner Author

elycruz commented Jul 21, 2022
edited

Issue fixed in #99 - Changes published in release https://github.com/differui/rollup-plugin-sass/releases/tag/1.12.13 .

@elycruz elycruz closed this as completed Jul 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elycruz elycruz

Labels
dependencies Pull requests that update a dependency file enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@elycruz