Skip to content
This repository has been archived by the owner on Mar 27, 2024. It is now read-only.

Fix vulnerabilities by upgrading packages #29

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Conversation

Lignum
Copy link
Member

@Lignum Lignum commented Feb 27, 2019

We had 3 vulnerabilities, one of them highly severe. I've updated all packages, and I don't expect breakage, but test it just in case. (I don't know how to use shittydl).

@Lignum Lignum added the bug label Feb 27, 2019
@Lignum Lignum requested a review from Lemmmy February 27, 2019 16:28
@Wojbie
Copy link
Collaborator

Wojbie commented Feb 27, 2019

Ok so i am not node master but isin't confirmed versioning change due to vulns ect be supposed to be done/upped in package.json and package-lock.json is just a image of a working version of dependencies? I know that both are supposed to be commited.

@Lemmmy
Copy link
Member

Lemmmy commented Feb 28, 2019

package-lock.json is a dark art that nobody understands and everybody leaves to be

In seriousness, for some reason it seems to get updated whenever anybody runs npm install, even if no deps are added, removed, or updated, so I'm kind of baffled to what its real function is

@Lemmmy Lemmmy force-pushed the master branch 2 times, most recently from 0ae14e8 to 2b80b4f Compare January 12, 2020 14:22
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants