
Update dependencies, enable security alerts & dependabot

Open siavashs opened this issue 4 years ago • 0 comments

Hello,

I'm trying to update the AUR package to the 1.5.1 release, but the build fails because there is a dependency on python2 from node-gyp, which is pulled in by node-sass (dependency hell :fire:). Bumping the node-sass version to 5.0.0 resolves the python2 dependency, but there are still many modules that need to be updated:

50 vulnerabilities (28 low, 6 moderate, 15 high, 1 critical)

If you enable Dependabot Alerts on the GitHub repository, you will see them as well.

So I recommend that all dependencies in this project be updated. You can also set up Dependabot to open PRs automatically by adding this configuration:

# Basic dependabot.yml file with
# minimum configuration for two package managers

version: 2
updates:
  # Enable version updates for npm
  - package-ecosystem: "npm"
    # Look for `package.json` and `lock` files in the `root` directory
    directory: "/"
    # Check the npm registry for updates every day (weekdays)
    schedule:
      interval: "daily"

See GitHub docs for more info.

siavashs, Mar 20 '21 12:03