
Fixed High / Critical issues flagged in security audit - Feature/6606

Open jaydubb12 opened this issue 4 years ago • 4 comments

Description

  • Updated consola and chokidar dependencies to realize the remediation of some vulnerability issues categorized as high, that existed in transient dependencies

  • Utilized the "resolutions" feature to remediate some vulnerability issues categorized as high, that existed in transient dependencies

Related Issue

https://github.com/vuestorefront/vue-storefront/issues/6606

Motivation and Context

Improve the foundational health of the overall platform

How Has This Been Tested?

  • Ran the tests associated with the project libraries
  • NOTE, given the impacted dependencies and sub-dependencies have not deprecated any of the currently used features, the overall risk to the platform is nominal.

Screenshots:

N/A

Types of changes

  • [X] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • [X] I have read the CONTRIBUTING document.

Changelog

  • [X] I have updated the Changelog (V1) v2 and mentioned all breaking changes in the public API.
  • [ ] I have documented all new public APIs and made changes to existing docs mentioning the parts I've changed so they're up to date.

Tests

  • [ ] I have written test cases for my code
  • [ ] I have tested my Pull Request on production build and (to my knowledge) it works without any issues
  • [ ] I have added tests to cover my changes.
  • [X] All new and existing tests passed.

I tested manually my code, and it works well with both:

  • [ ] Default Theme
  • [ ] Capybara Theme

Code standards

  • [X] My code follows the code style of this project.

Docs

  • [ ] My change requires a change to the documentation.
  • [ ] I have updated the documentation accordingly.

Jan 11 '22 16:01 jaydubb12
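
The description above relies on the "resolutions" field to force patched versions of nested dependencies, and a stale or conflicting yarn.lock can leave those pins unapplied. The following check is an added example, not code from this pull request or from the vue-storefront project: it parses a Yarn v1 lockfile and reports entries that still resolve to a version other than the pin. The package names, versions and function names are hypothetical, and only exact-version pins are checked.

```javascript
// Parse a Yarn v1 lockfile into [{ name, specs, version }] (one item per entry header).
function parseYarnLockV1(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      const specs = line.slice(0, -1).split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      current = { name: specs[0].slice(0, specs[0].indexOf('@', 1)), specs, version: null };
      entries.push(current);
    } else {
      const m = current && /^ {2}version "(.+)"$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Resolution keys may be "name", "**/name" or "parent/name"; keep the final package name.
function targetName(key) {
  const m = /(?:^|\/)((?:@[^/]+\/)?[^/@][^/]*)$/.exec(key);
  return m ? m[1] : key;
}

// Lock entries for a pinned package that resolve to some other version.
function findUnappliedResolutions(pkg, lockText) {
  const entries = parseYarnLockV1(lockText);
  const problems = [];
  for (const [key, pinned] of Object.entries(pkg.resolutions || {})) {
    if (!/^\d+\.\d+\.\d+[\w.+-]*$/.test(pinned)) continue; // assumption: exact pins only
    const name = targetName(key);
    for (const e of entries) {
      if (e.name === name && e.version !== pinned) {
        problems.push({ name, pinned, locked: e.version, specs: e.specs });
      }
    }
  }
  return problems;
}

// Constructed sample data; package names and versions are hypothetical.
const samplePkg = { resolutions: { '**/example-parser': '5.0.1', '@example/glob-util': '2.1.0' } };
const sampleLock = `# yarn lockfile v1

"@example/glob-util@^2.0.0", "@example/glob-util@~2.1.0":
  version "2.1.0"

example-parser@^3.0.0:
  version "3.0.1"
`;
console.log(findUnappliedResolutions(samplePkg, sampleLock));
```

An empty result means every exact pin is reflected in the lockfile; any reported entry is a candidate for regenerating the lockfile and re-running the audit.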

CLA assistant check
All committers have signed the CLA.

Jan 11 '22 16:01 CLAassistant

Not sure why the check is suggesting a conflict in the yarn.lock file, can one of the peer reviewers assist in the resolution?

@bloodf any help or direction you could provide...would be appreciated

Jan 12 '22 06:01 jaydubb12

@jaydubb12 you need to merge the base repo into your branch, and then remove the yarn.lock and recreate it.

Jan 21 '22 22:01 bloodf

Also please update the title following the https://github.com/vuestorefront/vue-storefront/blob/main/CONTRIBUTING.md guide :)

Jan 21 '22 22:01 bloodf

Closed due to inactivity

Aug 30 '23 15:08 filrak