Skip to content

chore(payments): add npm auditing to payments-server dependencies#1896

Merged
meandavejustice merged 2 commits intomozilla:masterfrom
jaredhirsch:1128-audit-deps
Jul 23, 2019
Merged

chore(payments): add npm auditing to payments-server dependencies#1896
meandavejustice merged 2 commits intomozilla:masterfrom
jaredhirsch:1128-audit-deps

Conversation

@jaredhirsch
Copy link
Copy Markdown
Member

@jaredhirsch jaredhirsch commented Jul 22, 2019

Separated into two commits: one readable commit, and one with package-lock.json noise.

First commit: following the advice in the "enable security scanning of 3rd-party libraries and dependencies" checkbox in issue #1128, adds npm dependency auditing to the payments-server npm lint scripts as npm lint:deps. The audit-filter package requires an .npmrc file with a specific JSON format, so added that, too.

The second commit contains package-lock.json changes created by audit-filter automatically updating stale dependencies to eliminate known nsp errors.

@jaredhirsch
chore(payments): add audit-filter to npm lint scripts
6b2c463 
Related to issue mozilla#1128
@jaredhirsch
chore(payments): merge in audit-filter automatic updates
5973039 
* audit-filter claims it removed 17312 vulnerabilities by removing 2 packages
  and updating 4 packages.

Related to issue mozilla#1128
@jaredhirsch jaredhirsch changed the title 1128 audit deps chore(payments): add npm auditing to payments-server dependencies Jul 22, 2019
@meandavejustice
Copy link
Copy Markdown

meandavejustice commented Jul 22, 2019

Test failed on a 503 pulling down node, prolly to do with the github outages

Step 1/23 : FROM node:12-stretch AS node-builder
12-stretch: Pulling from library/node

error pulling image configuration: received unexpected HTTP status: 503 Service Temporarily Unavailable
Exited with code 1

@ianb ianb mentioned this pull request Jul 22, 2019
Closed
47 tasks
shane-tomlinson
shane-tomlinson approved these changes Jul 23, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@shane-tomlinson shane-tomlinson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r+

@meandavejustice meandavejustice merged commit 2aba786 into mozilla:master Jul 23, 2019
@jaredhirsch jaredhirsch mentioned this pull request Aug 16, 2019
Closed
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@shane-tomlinson shane-tomlinson shane-tomlinson approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jaredhirsch @meandavejustice @shane-tomlinson