Update NPM Dependencies #19
This is far from finished.
Updating My output:
|
Forking them sounds like a lot of effort. I'd check whether we actually still need them (e.g. have they been folded into other packages), and are there newer alternatives which everyone now uses instead? |
Yeah that's what I thought of too. @tsaoyu mind checking if we still need them? I'm going through them now myself too, but I may miss some things out. |
I don't know if we need it or not. I set up this blog using the made-mistakes template and they have updated the packages list to mitigate the security issue. Maybe it's worth migrating to a newer version. |
I'll look at that this evening 👍 |
Going through Made Mistakes, there really doesn't seem to be an easy way to fix these vulnerabilities. The docs for that template itself say that we'd need to rework quite a bit of it in order to publish it to GitHub Pages. Case in point, it has a few plugins in its Gemfile that aren't allowed in Pages. On top of this, I'm struggling to even get the repo to build on my machine haha. |
I should also mention that the NPM updates aren't as simple as updating the |
If it's not straightforward, I'd say don't waste time on it. I still don't
think the vulnerabilities matter for a static site.
…On Sun, 25 Aug 2019, 18:12 Zhong-yuen Lee, ***@***.***> wrote:
Reopened #19
|
Yeah that's true. Just thought I'd be able to tackle it :P |
Closes: #11
This PR should solve any warnings we get on vulnerable dependencies.
Warning: This is still a WIP.