Security: Update dependencies #7

Merged
merged 1 commit into from
Jun 15, 2020

kevin-loumont
Contributor

@kevin-loumont kevin-loumont commented Dec 13, 2019

close #8

Before update:

Screenshot 2019-12-13 at 15 03 14

What I did: `yarn upgrade`

Result:

Screenshot 2019-12-13 at 15 18 38

To fix the last vulnerability I added:

`"resolutions": { "clean-css": "^4.1.11" }` in package.json

Result:

Screenshot 2019-12-13 at 15 06 30

@GreatWizard
Contributor

GreatWizard commented Jan 3, 2020

I'm not a big fan of updating a major version of a dependency in resolutions.
But it seems that the upgrade from v3 to v4 doesn't change anything in the code in clean-css-promise, so it's all fine with the resolutions: shinnn/clean-css-promise@01a858f


Also, it seems that clean-css comes from https://github.com/shinnn/clean-css-promise/blob/master/package.json#L34 => https://github.com/shinnn/broccoli-clean-css/blob/master/package.json#L35 => https://github.com/ember-cli/ember-cli-preprocess-registry/blob/v3.3.0/package.json#L25 => https://github.com/ember-cli/ember-cli/blob/master/package.json#L76

If we look at the latest version of ember-cli-preprocess-registry (https://github.com/ember-cli/ember-cli-preprocess-registry/blob/master/package.json) the deps on clean-css stuff are removed ;) So we will be able to remove that resolutions when ember-cli upgrades the deps to ember-cli-preprocess-registry v4.x.x.
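
The concern raised in the comment above (a `resolutions` entry pushing a transitive dependency across a major version) can be checked mechanically. This is an added example, not part of the original thread or the project's code. It assumes a yarn v1 lockfile that keeps each requester's original range as the entry key; the sample files, the `^3.0.0` range and the function names are constructed for illustration.

```javascript
// Added example: flag yarn.lock (v1) entries where a "resolutions" override
// installed a different major version than a dependent package asked for.
// Constructed sample inputs (not the project's real files).
const samplePackageJson = { resolutions: { "clean-css": "^4.1.11" } };
const sampleYarnLock = `
clean-css@^3.0.0, clean-css@^4.1.11:
  version "4.2.3"

lodash@^4.17.15:
  version "4.17.15"
`;

// Parse yarn.lock v1 text into [{ name, ranges: [...], version }].
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split("\n")) {
    if (/^\S.*:$/.test(line)) { // unindented "pkg@range, pkg@range:" header
      const specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      const at = specs[0].lastIndexOf("@"); // lastIndexOf keeps scoped names (@scope/pkg) intact
      current = { name: specs[0].slice(0, at), ranges: specs.map((s) => s.slice(s.lastIndexOf("@") + 1)), version: null };
      entries.push(current);
    } else if (current && /^\s+version\s/.test(line)) {
      current.version = line.trim().split(/\s+/)[1].replace(/"/g, "");
    }
  }
  return entries;
}

// Major number of a simple caret/tilde/exact range or version; null if not parseable.
function majorOf(rangeOrVersion) {
  const m = /^[\^~]?(\d+)\./.exec(rangeOrVersion);
  return m ? Number(m[1]) : null;
}

// Overridden packages where a requested range names a different major than the installed one.
// Only plain package-name keys in "resolutions" are handled (no glob or path keys).
function findForcedMajorBumps(packageJson, lockText) {
  const overridden = new Set(Object.keys(packageJson.resolutions || {}));
  const findings = [];
  for (const e of parseYarnLock(lockText)) {
    if (!overridden.has(e.name)) continue;
    const installed = majorOf(e.version);
    for (const r of e.ranges) {
      const wanted = majorOf(r);
      if (wanted !== null && wanted !== installed) findings.push({ name: e.name, requested: r, installed: e.version });
    }
  }
  return findings;
}
console.log(findForcedMajorBumps(samplePackageJson, sampleYarnLock));
```

Each finding is a place where the dependent package's code should be reviewed against the new major, as was done for clean-css-promise in this thread.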

@GreatWizard GreatWizard force-pushed the security/update-packages branch 2 times, most recently from 73aaf25 to 5481b11 Compare June 15, 2020 13:24
@GreatWizard GreatWizard force-pushed the security/update-packages branch from 5481b11 to ada8098 Compare June 15, 2020 13:25
@GreatWizard GreatWizard merged commit e4442a8 into master Jun 15, 2020
@GreatWizard GreatWizard deleted the security/update-packages branch June 15, 2020 13:31
@GreatWizard GreatWizard mentioned this pull request Jun 16, 2020
Successfully merging this pull request may close these issues.

clean-css 4.x dependencie