-
-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Potential security issues in outdated dependencies #746
Comments
I am running an |
I am working on removing cryptiles and changing to @hapi/cryptiles in each modules. |
Let @bgaeddert know your progress, he was working on this also
… On May 8, 2020, at 5:03 PM, AJ ***@***.***> wrote:
I am working on removing cryptiles and changing to @hapi/cryptiles in each modules.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
@bgaeddert please pop in here if you are working on another. |
@punkrokk I'd say partially. While #757 removes some unused dependencies, there is no PR which updates existing dependencies. Currently https://github.com/StackStorm/st2web/network/alerts still shows some |
I guess we need to merge the #794 first to understand if https://github.com/StackStorm/st2web/network/alerts is clear. |
These issues have been remediated and only development dependencies are outlying as of the 3.3.0 release! |
st2web
has a lot of security warnings in its outdated npm dependencies located in https://github.com/StackStorm/st2web/blob/master/yarn.lock(https://github.com/StackStorm/st2web/network/alerts)
We'll need someone experienced in React/UI/Javascript to update them, making sure
st2web
functionality/tests are still working as before.We'll probably need to get another round of manual/UI testing searching for regressions once the patching is done.
The text was updated successfully, but these errors were encountered: