Skip to content

Commit

Permalink
chore(deps): Get audit-filter working for all packages in monorepo
Browse files Browse the repository at this point in the history
* Add a lint:deps job to the top-level package.json, so lerna can run
  lint:deps in all packages in parallel.

* Also fix today's handlebars vulnerability, so that builds don't fail.

Some of the vulnerabilities are in transitive dependencies, yet the
suggested `npm update foo --depth N` command sometimes seems to do
nothing. There was a related bug in npm 6.6.0 - 6.11.2, fixed by
npm/cli#239, but perhaps that didn't fix all the
cases? (I was using npm 6.12.0.) As a workaround, I've added audit-filter
exceptions where `npm update` wasn't able to fix vulnerabilities.

Fixes #2229.
  • Loading branch information
jaredhirsch committed Nov 15, 2019
1 parent 7c08e5a commit b6fb016
Show file tree
Hide file tree
Showing 21 changed files with 2,165 additions and 107 deletions.
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"authors": "git shortlog -s | cut -c8- | sort -f > AUTHORS",
"postinstall": "_scripts/install_all.sh",
"npm-ci-all": "lerna exec --parallel -- npm ci",
"lint:deps": "lerna exec --parallel -- npm run lint:deps",
"start": "pm2 start mysql_servers.json && echo \"Use 'npm stop' to stop all the servers\"",
"stop": "pm2 kill",
"start-firefox": "./packages/fxa-dev-launcher/bin/fxa-dev-launcher",
Expand Down
8 changes: 8 additions & 0 deletions packages/fxa-amplitude-send/.nsprc
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"comment_535": "535 is a moderate severity RegExp denial of service vulnerability in mime, a dependency of s3.",
"comment_1118": "1118 is a critical severity arbitrary code execution in eslint-utils",
"exceptions": [
"https://npmjs.com/advisories/535",
"https://npmjs.com/advisories/1118"
]
}
Loading

0 comments on commit b6fb016

Please sign in to comment.