fix: audit and upgrade dependencies
Fix: Audit dependency tree to remove well-known vulnerabilities
Description: Running `npm audit` for this project reveals a series of easily fixable vulnerabilities in the dependency tree. Many of them are automatically fixable by running `npm audit fix`. Moreover, I have upgraded the devDependencies `jest` and `eslint` by some major versions, which also removes quite many vulnerabilities. I have also run the tests and the linter and nothing breaks. I have also opened the test results in my browser and everything looks fine, via `firefox test/output/index.html`
This package is great, but I get tons of `npm` warnings whenever I use them. I would like to receive just a few less, and fixing the issues in this PR was rather easy. Do I need to do something else so that this PR is compliant?
Kudos, SonarCloud Quality Gate passed!
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication
@albertodiazdorado doesn't look like just update of deps is enough, looks like there were some breaking changes in the API
Thanks for the very fast response @derberg
There is indeed a breaking change in one of the upgrades that requires node v14. We cannot do that upgrade if we want to keep backwards compatibility with node v12.
In the end, this was not as easy as I thought. I will have a second look at it. Do you want me to close the PR and re-open it in the future, or may I leave it here?
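The Node version conflict described in the comment above can be caught before merging an audit-driven upgrade. The following is an added example, not code from this PR or from the project: it scans a lockfile for packages whose `engines.node` range excludes a Node major the project still supports. It assumes the lockfileVersion 2 layout (a `packages` map whose entries carry `engines`), uses constructed package names and versions, and compares at major-version granularity only.

```javascript
// Added example: major-level check of lockfile "engines.node" ranges.
// Constructed sample lockfile (lockfileVersion 2 layout); names and versions are made up.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-project" },
    "node_modules/old-linter": { version: "7.0.0", engines: { node: "^10.12.0 || >=12.0.0" } },
    "node_modules/new-test-runner": { version: "29.0.0", engines: { node: "^14.15.0 || ^16.10.0 || >=18.0.0" } },
    "node_modules/new-linter/node_modules/helper": { version: "3.0.0", engines: { node: ">=14" } },
    "node_modules/no-engines": { version: "1.0.0" },
  },
};

// Does one comparator (e.g. ">=14.15.0", "^12", "<16") admit some release of `major`?
function comparatorAdmits(comp, major) {
  const m = /^(>=|<=|>|<|\^|~|=)?\s*v?(\d+|\*|x)(?:\.(\d+|\*|x))?(?:\.(\d+|\*|x))?/i.exec(comp);
  if (!m) return true; // unknown syntax: do not flag
  const [, op = "=", a, b = "0", c = "0"] = m;
  if (a === "*" || a.toLowerCase() === "x") return true;
  const base = Number(a);
  switch (op) {
    case ">=": return major >= base;
    case ">": return m[3] === undefined ? major > base : major >= base; // ">14" means 15 and up
    case "<=": return major <= base;
    case "<": return major < base || (major === base && (Number(b) > 0 || Number(c) > 0));
    default: return major === base; // ^, ~, = and bare versions pin the major (for majors >= 1)
  }
}

// A range is "||"-separated alternatives; each alternative is an AND of comparators.
function rangeAdmits(range, major) {
  return range.split("||").some((alt) => {
    if (alt.includes(" - ")) return true; // hyphen ranges are not modelled: do not flag
    const comps = alt.replace(/(>=|<=|>|<|\^|~|=)\s+/g, "$1").trim().split(/\s+/);
    return comps.every((c) => c === "" || comparatorAdmits(c, major));
  });
}

// List every locked package whose declared Node range excludes `major`.
function findIncompatible(lock, major) {
  return Object.entries(lock.packages || {})
    .filter(([path, pkg]) => path && pkg.engines && typeof pkg.engines.node === "string")
    .filter(([, pkg]) => !rangeAdmits(pkg.engines.node, major))
    .map(([path, pkg]) => ({ path, version: pkg.version, node: pkg.engines.node }));
}

console.log(findIncompatible(sampleLock, 12));
```

Run against the real `package-lock.json` in CI, a non-empty result for the oldest supported major is a reason to hold the upgrade or pin the offending package to an earlier release.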
@albertodiazdorado up to you if you want to continue with this one or start new
Thanks for the very fast response @derberg
yeah, the AsyncAPI Conference has ended 😅 so have more time now 😄
@albertodiazdorado what do you need to continue here?
This pull request has been automatically marked as stale because it has not had recent activity :sleeping:
It will be closed in 120 days if no further activity occurs. To unstale this pull request, add a comment with detailed explanation.
There can be many reasons why some specific pull request has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under open governance model.
Let us figure out together how to push this pull request forward. Connect with us through one of many communication channels we established here.
Thank you for your patience :heart: