Update marked due to CVE-2017-1000427 #23

Merged
merged 2 commits into from Feb 15, 2018
roback
Member

@roback roback commented Feb 14, 2018

https://nvd.nist.gov/vuln/detail/CVE-2017-1000427

Marked is a dependency of jsdoc. Added marked as a dev dependency to be able to update it to the latest version. This is just a temporary fix until jsdoc/jsdoc#1489 has been released.

Idea from jsdoc/jsdoc#1489 (comment)

Related to #22

Marked is a dependency of jsdoc. Added marked as a dev dependency to
be able to update it to the latest version. This is just a temporary fix
until jsdoc/jsdoc#1489 has been released.

Idea from jsdoc/jsdoc#1489 (comment)

Related to #22

https://nvd.nist.gov/vuln/detail/CVE-2017-1000427
@walro
Contributor

walro commented Feb 14, 2018

Failures could potentially be because we run against latest node. Maybe we should only test against maintained LTS versions? See: https://github.com/nodejs/Release

@roback
Member Author

roback commented Feb 14, 2018

nock-vcr, which we use to record fixtures, hasn't been touched in 5 years. That might also be part of the problem.

@roback
Member Author

roback commented Feb 14, 2018

The tests fail on Node v9.5.0 in master as well, so the failures are not caused by the changes in this PR.

@roback roback mentioned this pull request Feb 14, 2018
I'm not sure this works or if you have to specify an exact version
for "allow_failures". Anyway, this is just a temporary fix until #24 has
been solved.

Also cleaned up the versions we test against:
* 5.x and 7.x removed as their EOL was at 2016-06-30
* 8.x is the current active LTS release

(see https://github.com/nodejs/Release)
@roback roback merged commit 6ceff3c into master Feb 15, 2018
@roback roback deleted the update-marked-dependency branch February 15, 2018 14:42