Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add nsp, update packages with vulnerabilities #2495

Merged
merged 2 commits into from
Feb 14, 2018
Merged

add nsp, update packages with vulnerabilities #2495

merged 2 commits into from
Feb 14, 2018

Conversation

bnchdrff
Copy link
Contributor

@bnchdrff bnchdrff commented Feb 9, 2018
edited

closes #1637

reverts #2491 which reverted work done to fix #1637

my previous PR included an update of koa-static-cache, which caused an incompatibility with koa-mount due to a koa-compose update koajs/mount#31

my final fix for this is to downgrade koa-static-cache to 4.1.1, which still fixes the vulnerability that necessitated an upgrade originally.

@bnchdrff bnchdrff requested a review from gl2748 February 9, 2018 19:33
@bnchdrff
Copy link
Contributor Author

bnchdrff commented Feb 9, 2018

snyk report: https://snyk.io/test/github/steemit/condenser/400908329f8eed3b15c9492336d1fc7abc5f972d

gl2748
gl2748 approved these changes Feb 14, 2018
View reviewed changes
Copy link
Contributor

@gl2748 gl2748 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested locally with:
yarn run test
Worked fine.

bnchdrff and others added 2 commits February 14, 2018 16:02
@bnchdrff @originated
add nsp & run in test suite
3e76def 
fixes #1637

update some dependencies

remove medium-editor-insert-plugin

fixes #2127

fix case in property

fixes #2475

remove purest, add blueimp-file-upload

blueimp-file-upload was an implicit dependency from the medium-editor-insert-plugin
but we explicitly require it in our webpack config

update co-body

update deps (fixes #2436) and remove fsevents (unused)

update koa-static-cache

Co-authored-by: Originate <originated@users.noreply.github.com>
@bnchdrff
downgrade koa to 4.1.1
d950cde 
this still fixes the security issue but is still compatible with our other koa stuff
@bnchdrff bnchdrff force-pushed the revert-revert-2476-1637-add-nsp branch from 4009083 to d950cde Compare February 14, 2018 21:02
@bnchdrff bnchdrff merged commit 0044df9 into master Feb 14, 2018
@bnchdrff bnchdrff deleted the revert-revert-2476-1637-add-nsp branch February 14, 2018 21:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gl2748 gl2748 gl2748 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Node Security Platform should be integrated and risk should be mitigated
2 participants
@bnchdrff @gl2748