Image-sequencer: npm audit and dependabot

Created on 18 Mar 2019 · 4 Comments · Source: publiclab/image-sequencer

Please describe the problem (or idea)

I installed lodash recently in a PR where I had removed it by mistake, and the version that was installed was 6 patches ahead of the old one. Also, when I installed it, I found that npm audit showed 5 critical warnings. Is dependabot working properly? Also, I feel like npm audit fixes should be done to IS deps.

cc @jywarren @tech4GT @publiclab/is-reviewers


Thank you!

Your help makes Public Lab better! We deeply appreciate your helping refine and improve this site.

To learn how to write really great issues, which increases the chances they'll be resolved, see:

https://publiclab.org/wiki/developers#Contributing+for+non-coders

enhancement help wanted

All 4 comments

I'm not sure exactly how the two systems track. But I'd love to accept a PR
that's the result of running npm audit -- then maybe we can get ahead of
dependabot, even?

@HarshKhandeparkar are you working on this? Thanks!

I am busy right now. If someone else wants to work, they can, but if nobody claims it for the next few weeks, I will fix it. (Once my exams are over.)

No hurry @HarshKhandeparkar. All the best for exams!
