New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix FE dependabot issues #6

Closed

mwood77 opened this issue Feb 12, 2023 · 3 comments

Labels

waiting on dependencies

Milestone

Owner

mwood77 commented Feb 12, 2023

https://github.com/mwood77/winderoo/security/dependabot

mwood77 self-assigned this

mwood77 added this to the v1.0 milestone

Owner Author

mwood77 commented Feb 12, 2023

Owner Author

mwood77 commented Feb 12, 2023 •

edited

Loading

bad version of ua-parser-js is used in karma & browser-sync

https://github.com/mwood77/winderoo/security/dependabot/3
macOS not dl'd, but can verify with (on macOS & linux)
- Security issue: compromised npm packages of ua-parser-js (0.7.29, 0.8.0, 1.0.0) - Questions about deprecated npm package ua-parser-js faisalman/ua-parser-js#536 (comment)
- find / -name "package-lock.json" -exec grep --color -EHni "ua-parser-js" {} \; 2>/dev/null
https://github.com/mwood77/winderoo/security/dependabot/1
GHSA-89w7-5q45-r53w

mwood77 added the waiting on dependencies label

mwood77 removed their assignment

Owner Author

mwood77 commented Feb 11, 2024

Dependabot will not open PRs to update packages

mwood77 closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment