Fix most npm audit errors, exclude advisory 1556 #6661

Merged
merged 1 commit into from
Sep 18, 2020

@diracdeltas (Member) commented Sep 16, 2020

Resolves 28 out of 33 npm audit errors by rerunning npm install.
https://www.npmjs.com/advisories/1556 is ignored because there is no fix
in some of our dependencies, and it's a low-impact DoS vulnerability.

Fix brave/brave-browser#11732

Submitter Checklist:

Test Plan:

  • npm run audit_deps should exit cleanly
  • npm run audit_deps -- --audit_dev_deps should also exit cleanly

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes have landed on.
  • All relevant documentation has been updated.
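
The exclusion described in this pull request, as an added example that is not part of the PR or of Brave's audit script: a gate over `npm audit --json` output in the npm 6 format (advisories keyed by id) that fails on anything outside an ignore list and reports ignore entries that no longer match a reported advisory. The function `evaluateAudit`, the ignore-list shape, and all sample data except the advisory id 1556 are assumptions.

```javascript
// Constructed sample in the shape of `npm audit --json` under npm 6.
// Everything except the advisory id 1556 is invented for illustration.
const sampleReport = {
  advisories: {
    "1556": {
      id: 1556, module_name: "example-fetch-lib", severity: "low",
      findings: [{ paths: ["example-app>example-fetch-lib"] }],
    },
    "9001": {
      id: 9001, module_name: "example-parser", severity: "high",
      findings: [{ paths: ["example-parser"] }],
    },
  },
};

// Hypothetical ignore list; each entry records why the advisory is excluded.
const ignoreList = [
  { id: 1556, reason: "no fix in some dependencies; low-impact DoS" },
  { id: 4242, reason: "constructed entry whose advisory is no longer reported" },
];

// Split reported advisories into failing and ignored, and list ignore
// entries that matched nothing so stale exclusions get removed.
function evaluateAudit(report, ignores) {
  const ignoredIds = new Set(ignores.map((entry) => Number(entry.id)));
  const seen = new Set();
  const failing = [];
  const ignored = [];
  for (const adv of Object.values((report && report.advisories) || {})) {
    const id = Number(adv.id);
    seen.add(id);
    const item = {
      id,
      module: adv.module_name,
      severity: adv.severity,
      paths: (adv.findings || []).flatMap((f) => f.paths || []),
    };
    (ignoredIds.has(id) ? ignored : failing).push(item);
  }
  const stale = [...ignoredIds].filter((id) => !seen.has(id));
  return { ok: failing.length === 0, failing, ignored, stale };
}

const result = evaluateAudit(sampleReport, ignoreList);
console.log(JSON.stringify(result, null, 2));
```

Keeping the reason next to each id and surfacing `stale` entries makes an exclusion like 1556 easy to review and easy to drop once the dependencies ship a fix.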

@diracdeltas self-assigned this Sep 16, 2020
@diracdeltas added the CI/skip-android, CI/skip-ios, CI/skip-macos-x64 and CI/skip-windows labels Sep 16, 2020
@mihaiplesa
Collaborator

Is the Travis fail expected?

@diracdeltas
Member Author

nope, looking into the travis failure right now

@diracdeltas removed the CI/skip-macos-x64 and CI/skip-windows labels Sep 17, 2020
Resolves 23 out of 33 npm audit errors using npm audit fix.
https://www.npmjs.com/advisories/1556 is ignored because there is no fix
in some of our dependencies, and it's a low-impact DoS vulnerability.

Fix brave/brave-browser#11732

Run audit_dev_deps in test-security script

Needed for brave/brave-browser#11748
@diracdeltas
Member Author

Travis is passing now, and MacOS CI succeeded. The Win/Linux builds are failing with An error occurred (InsufficientInstanceCapacity) when calling the StartInstances operation (reached max retries: 4): Insufficient capacity. in the start-node step. Seems unrelated?

@diracdeltas
Member Author

restarted it and CI on windows passed

@diracdeltas merged commit b1186e8 into master Sep 18, 2020
@diracdeltas deleted the fix/audit-dev-errors branch September 18, 2020 02:47
@diracdeltas added this to the 1.16.x - Nightly milestone Sep 18, 2020
Successfully merging this pull request may close these issues.

npm audit shows 33 vulnerabilities