Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm detects vulnerability #53

Closed
guidupuy opened this issue Oct 19, 2019 · 3 comments · Fixed by #55
Closed

npm detects vulnerability #53

guidupuy opened this issue Oct 19, 2019 · 3 comments · Fixed by #55
Assignees
@onderceylan
Labels
bug Something isn't working external-dependency Process is blocked by external dependency released

Comments

@guidupuy
Copy link

Describe the bug
When running npm audit, a high severity vulnerability is detected

To Reproduce
Steps to reproduce the behavior:

  1. Execute cli command npm audit

Expected behavior
No vulnerability gets flagged

System (please complete the following information):

  • macOS Catalina
  • node version v10.16.0
  • npm version 6.9.0
  • cli version 1.1.6

Screenshots
Screen Shot 2019-10-19 at 11 23 37 PM

Additional context
None
@guidupuy guidupuy added bug Something isn't working needs verification Bug needs to be verified with reproduction labels Oct 19, 2019
@guidupuy guidupuy changed the title npm detects vulnerability npm detects vulnerability Oct 19, 2019
@onderceylan onderceylan added external-dependency Process is blocked by external dependency and removed needs verification Bug needs to be verified with reproduction labels Oct 19, 2019
@onderceylan
Copy link
Collaborator

Hi @guidupuy, thanks for the report. I just created an issue on puppeteer repo. I will upgrade the package as soon as there's an update over puppeteer/puppeteer#5055

@onderceylan
Copy link
Collaborator

Looks like the change is done on puppeteer, awaiting the release. It can be watched over here: puppeteer/puppeteer#5016. As soon as it's released, I'll bump puppeteer version and publish a new version for pwa-asset-generator.

onderceylan added a commit that referenced this issue Oct 24, 2019
@onderceylan
fix(package): suppressed security warning by changing pkg v strategy
3eeaaa4 
Suppressed security warning for now by changing package versioning strategy

fix #53
@onderceylan onderceylan mentioned this issue Oct 24, 2019
Merged
onderceylan added a commit that referenced this issue Oct 25, 2019
@onderceylan
fix(package): suppressed security warning by changing pkg v strategy
9987e39 
Suppressed security warning for now by changing package versioning strategy

fix #53
onderceylan pushed a commit that referenced this issue Oct 25, 2019
@semantic-release-bot
chore(release): 2.0.0 [skip ci]
13d8f90 
# [2.0.0](v1.3.1...v2.0.0) (2019-10-25)

### Bug Fixes

* **browser:** added error handling for chrome-launcher ([c6ed23a](c6ed23a)), closes [#50](#50)
* **package:** suppressed security warning by changing pkg v strategy ([9987e39](9987e39)), closes [#53](#53)

### Features

* **file:** avoided saving a shell html file ([b96d545](b96d545)), closes [#52](#52)
* **icon:** added optional favicon generation ([699686a](699686a)), closes [#47](#47)
* **main:** added dark mode support for iOS ([f4aca1c](f4aca1c)), closes [#51](#51)
* **pptr:** switched over puppeteer-core to avoid chromium install ([05edb2e](05edb2e)), closes [#50](#50)
* **pwa:** added single quotes option for generated HTML tags ([351a3cc](351a3cc)), closes [#49](#49)

### BREAKING CHANGES

* **main:** generateImages method from the module API now returns HTMLMeta object with the
chunks of HTML content, instead of one big HTML string
@onderceylan
Copy link
Collaborator

🎉 This issue has been resolved in version 2.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@onderceylan onderceylan self-assigned this Nov 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@onderceylan onderceylan

Labels
bug Something isn't working external-dependency Process is blocked by external dependency released
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

v2.0.0 release elegantapp/pwa-asset-generator
2 participants
@guidupuy @onderceylan