
fix: audit and upgrade dependencies

Open albertodiazdorado opened this issue 2 years ago • 7 comments

Fix: Audit dependency tree to remove well-known vulnerabilities

Description: Running npm audit for this project reveals a series of easily fixable vulnerabilities in the dependency tree. Many of them are automatically fixable by running npm audit fix. Moreover, I have upgraded the devDependencies jest and eslint by some major versions, which also removes quite a few vulnerabilities. I have also run the tests and the linter and nothing breaks. I have also opened the test results in my browser (via firefox test/output/index.html) and everything looks fine.


This package is great, but I get tons of npm warnings whenever I use it. I would like to receive just a few fewer, and fixing the issues in this PR was rather easy. Do I need to do something else so that this PR is compliant?

albertodiazdorado avatar Nov 22 '21 08:11 albertodiazdorado

Kudos, SonarCloud Quality Gate passed!

Bug: A, 0 Bugs
Vulnerability: A, 0 Vulnerabilities
Security Hotspot: A, 0 Security Hotspots
Code Smell: A, 0 Code Smells

No Coverage information
0.0% Duplication

sonarcloud[bot] avatar Nov 22 '21 08:11 sonarcloud[bot]

@albertodiazdorado doesn't look like just an update of deps is enough; looks like there were some breaking changes in the API

derberg avatar Nov 22 '21 08:11 derberg

Thanks for the very fast response @derberg

There is indeed a breaking change in one of the upgrades that requires node v14. We cannot do that upgrade if we want to keep backwards compatibility with node v12.

In the end, this was not as easy as I thought. I will have a second look at it. Do you want me to close the PR and re-open it in the future, or may I leave it here?

albertodiazdorado avatar Nov 22 '21 08:11 albertodiazdorado
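Added example, not code from the AsyncAPI generator or from this PR: a Node.js script that triages an `npm audit --json` report of the shape npm 7 and later emit (`auditReportVersion: 2`; `fixAvailable` is either a boolean or `{ name, version, isSemVerMajor }`), separating what `npm audit fix` applies on its own from the semver-major bumps it refuses without `--force`, and then checks each such bump's declared `engines.node` against the oldest Node.js line the project wants to keep. This is the trap described in the comments above: the audit looks easy, but the major upgrades that remove the most findings are the ones that can raise the Node floor. The report, the package names (`hypothetical-dep-*`), their manifests and the `12.22.12` floor are all constructed data and assumptions, not the project's real dependency tree, and the tiny range evaluator only understands `||`, `>=`, `>`, `<=`, `<`, `=`, `^`, `~` and `x`/`*` wildcards.

```javascript
// Added example, not code from the AsyncAPI generator or from this PR.
// Triage an `npm audit --json` report (npm 7+, auditReportVersion 2), flag the
// semver-major fixes that `npm audit fix` skips without --force, then check whether
// those bumps still run on the oldest Node.js line the project wants to keep.

// ASSUMPTION: Node 12 must stay supported (per the thread); the patch level is made up.
const OLDEST_SUPPORTED_NODE = "12.22.12";

// CONSTRUCTED sample report, shaped like real `npm audit --json` output. The package
// names are hypothetical; this is not the project's actual dependency tree.
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    "hypothetical-dep-a": { name: "hypothetical-dep-a", severity: "high", isDirect: false,
      range: "<1.2.3", fixAvailable: true },                    // in-range fix: audit fix applies it
    "hypothetical-dep-b": { name: "hypothetical-dep-b", severity: "moderate", isDirect: true,
      range: "<=3.0.0",                                         // fix needs a major bump
      fixAvailable: { name: "hypothetical-dep-b", version: "4.0.0", isSemVerMajor: true } },
    "hypothetical-dep-c": { name: "hypothetical-dep-c", severity: "low", isDirect: false,
      range: "*", fixAvailable: false },                        // no fix published
  },
};

// CONSTRUCTED package manifests for the versions the fixes would install.
const sampleManifests = [
  { name: "hypothetical-dep-a", version: "1.2.3", engines: { node: ">=10" } },
  { name: "hypothetical-dep-b", version: "4.0.0", engines: { node: "^14.15.0 || >=16.0.0" } },
  { name: "hypothetical-dep-c", version: "0.9.1" }, // no engines field: nothing to check
];

// Sort vulnerabilities by how `npm audit fix` would treat them.
function triageAudit(report) {
  if (report.auditReportVersion !== 2) throw new Error("expected an npm 7+ audit report");
  const out = { autoFixable: [], semverMajor: [], unfixed: [], bySeverity: {} };
  for (const vuln of Object.values(report.vulnerabilities)) {
    out.bySeverity[vuln.severity] = (out.bySeverity[vuln.severity] || 0) + 1;
    const fix = vuln.fixAvailable;
    if (fix === false || fix === undefined) out.unfixed.push(vuln.name);
    else if (fix === true || !fix.isSemVerMajor) out.autoFixable.push(vuln.name);
    else out.semverMajor.push({ name: fix.name, version: fix.version, direct: vuln.isDirect });
  }
  return out;
}

function parseVersion(v) {
  const parts = String(v).replace(/^v/, "").split(".").map((p) => (/^\d+$/.test(p) ? Number(p) : 0));
  while (parts.length < 3) parts.push(0);
  return parts.slice(0, 3);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Minimal semver-range evaluator: `||` alternatives of whitespace-separated comparators
// using >=, >, <=, <, =, ^, ~, bare versions and x/* wildcards. Pre-release tags and
// hyphen ranges are deliberately out of scope; production code should use the `semver` package.
function satisfiesComparator(comp, v) {
  if (comp === "*" || comp === "x") return true;
  const m = comp.match(/^(>=|<=|>|<|=|\^|~)?v?(\d+)(?:\.(\d+|x|\*))?(?:\.(\d+|x|\*))?$/);
  if (!m) throw new Error(`unsupported comparator: ${comp}`);
  const [, op = "", major, minor, patch] = m;
  const base = parseVersion(`${major}.${minor || 0}.${patch || 0}`);
  const cmp = compareVersions(v, base);
  switch (op) {
    case ">=": return cmp >= 0;
    case ">": return cmp > 0;
    case "<=": return cmp <= 0;
    case "<": return cmp < 0;
    case "^": { // same major, or same minor while the major is 0
      const upper = base[0] > 0 ? [base[0] + 1, 0, 0] : [0, base[1] + 1, 0];
      return cmp >= 0 && compareVersions(v, upper) < 0;
    }
    case "~": return cmp >= 0 && compareVersions(v, [base[0], base[1] + 1, 0]) < 0;
    default: // "=" or a bare version; `14` and `14.x` mean the whole major / minor line
      if (!minor || /[x*]/.test(minor)) return v[0] === base[0];
      if (!patch || /[x*]/.test(patch)) return v[0] === base[0] && v[1] === base[1];
      return cmp === 0;
  }
}

function satisfies(range, versionStr) {
  const v = parseVersion(versionStr);
  return range.split("||").some((alt) =>
    alt.trim().split(/\s+/).filter(Boolean).every((comp) => satisfiesComparator(comp, v)));
}

// Manifests whose declared `engines.node` excludes the target Node.js version.
function checkEngines(manifests, targetNode) {
  return manifests
    .filter((m) => m.engines && m.engines.node && !satisfies(m.engines.node, targetNode))
    .map((m) => ({ name: m.name, version: m.version, requires: m.engines.node }));
}

// The pitfall from the thread: semver-major audit fixes that also raise the Node floor.
function majorFixesBreakingNode(report, manifests, targetNode) {
  const bad = new Set(checkEngines(manifests, targetNode).map((r) => `${r.name}@${r.version}`));
  return triageAudit(report).semverMajor
    .filter((fix) => bad.has(`${fix.name}@${fix.version}`))
    .map((fix) => fix.name);
}

console.log(triageAudit(sampleAudit));
console.log("needs manual review:", majorFixesBreakingNode(sampleAudit, sampleManifests, OLDEST_SUPPORTED_NODE));
```

In a real run you would feed `JSON.parse` of `npm audit --json` into `triageAudit` and read each candidate version's manifest with `npm view <name>@<version> engines --json`; anything returned by `majorFixesBreakingNode` is a fix that cannot be taken while the project still supports that Node line, and belongs in a separate, deliberately breaking change rather than in an "audit fix" PR.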

@albertodiazdorado up to you if you want to continue with this one or start new

derberg avatar Nov 22 '21 09:11 derberg

> Thanks for the very fast response @derberg

yeah, the AsyncAPI Conference has ended 😅 so I have more time now 😄

derberg avatar Nov 22 '21 09:11 derberg

@albertodiazdorado what do you need to continue here?

jonaslagoni avatar Jan 31 '22 19:01 jonaslagoni

This pull request has been automatically marked as stale because it has not had recent activity :sleeping:

It will be closed in 120 days if no further activity occurs. To unstale this pull request, add a comment with detailed explanation.

There can be many reasons why some specific pull request has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under an open governance model.

Let us figure out together how to push this pull request forward. Connect with us through one of many communication channels we established here.

Thank you for your patience :heart:

github-actions[bot] avatar Jun 01 '22 00:06 github-actions[bot]

This pull request has been automatically marked as stale because it has not had recent activity :sleeping:

It will be closed in 120 days if no further activity occurs. To unstale this pull request, add a comment with detailed explanation.

There can be many reasons why some specific pull request has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under an open governance model.

Let us figure out together how to push this pull request forward. Connect with us through one of many communication channels we established here.

Thank you for your patience :heart:

github-actions[bot] avatar Nov 26 '22 00:11 github-actions[bot]