Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolve vulnerable dependencies #77

Merged
merged 9 commits into from
Feb 2, 2024
Merged

Conversation

harveysanders
Copy link
Contributor

@harveysanders harveysanders commented Jan 31, 2024

  • Update mkdirp
  • npm audit fix
  • Fix lint errors
  • Remove view
  • Remove octonode and unused functions
  • Remove fs-json
  • Remove cli-view

TODO:

  • Update minimist/mkdirp
  • Update mocha (probably a new PR)
  • update eslint
$ npm list minimist 
[email protected] 
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │   └─┬ [email protected]
│ │     └─┬ [email protected]
│ │       └── [email protected] deduped
│ └─┬ [email protected]
│   └── [email protected]
└─┬ [email protected]
  └─┬ [email protected]
    └── [email protected]

@harveysanders harveysanders marked this pull request as ready for review January 31, 2024 22:08
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this module was created by John if you needed to update/maintain it directly https://www.npmjs.com/package/fs-json

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I know. I didn't want to update upstream at this time.

const { home } = require('../controller/env');
const os = require('node:os');
const path = require('path');
/* global describe it before afterEach */
require('mocha');
require('should');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are these requires necessary?

require('mocha');
require('should');

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure. I made (or will make) an issue to update Mocha. I started it on this PR but it broke everything, so I reverted for now.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for sure. I'm pretty sure when you run the tests with mocha, that mocha exists in the global scope. It may be that these are meant to be run for projects (within the tool) and not the tests for the tool.. you could probably answer that more clearly, since you've been poking around the tool

@@ -40,8 +22,6 @@ const test = proxyquire('../controller/test', {
}
});
const projectsDirectory = './test/files/environment/projects';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should the path module be used here?


/**
*
* @param {{ session: *, projectAction: string}} param0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the * interpreted as any?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah

projects.action = () => 'shelve';
projects.action = 'shelve';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was this being invoked somewhere?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I put it back. It was changed for a type error caused by this code. It's fixed now

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

word

Copy link
Contributor

@ptbarnum4 ptbarnum4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Left some comments, some are unrelated to the code that was changed

@harveysanders harveysanders merged commit dad768d into master Feb 2, 2024
1 check passed
@harveysanders harveysanders deleted the security/update-deps branch February 2, 2024 23:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants