Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

replaces npm-run-all with concurrently #988

Closed
wants to merge 1 commit into from
Closed

replaces npm-run-all with concurrently #988

wants to merge 1 commit into from

Conversation

ChrisBAshton
Copy link
Contributor

Fixes event-stream vulnerability: dominictarr/event-stream#116

Removes dependency which has a compromised subdependency.

  • Tests added for new features
  • Test engineer approval

codeclimate[bot]
codeclimate bot reviewed Nov 26, 2018
View reviewed changes
Copy link

@codeclimate codeclimate bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR diff size of 10390 lines exceeds the maximum allowed for the inline comments feature.

@codeclimate
Copy link

codeclimate bot commented Nov 26, 2018

Code Climate has analyzed commit 71eb5e2 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (90% is the threshold).

This pull request will bring the total coverage in the repository to 97.0% (0.0% change).

View more on Code Climate.

@ChrisBAshton
Copy link
Contributor Author

Build is currently failing because concurrently doesn't exit the server when the other tasks have passed. There is a --success flag that should allow us to describe when the process should exit but I've not had much luck with it.

Have raised: https://github.com/kimmobrunfeldt/concurrently/issues/177 in the meantime.

@ChrisBAshton
Copy link
Contributor Author

ChrisBAshton commented Nov 26, 2018
edited
Loading

Another alternative is to stick with npm-run-all but use the NPM resolutions property to lock event-stream to v3.3.4: https://github.com/bbc/web/pull/234/files

EDIT: have raised #990. We can merge that in the meantime. Suggest we continue with this PR afterwards, as it's still worth swapping out for an unaffected library.

@ChrisBAshton ChrisBAshton mentioned this pull request Nov 26, 2018
Closed
2 tasks
@ChrisBAshton
Copy link
Contributor Author

Superseded by #990

@ChrisBAshton ChrisBAshton deleted the remove-vulnerability branch November 26, 2018 14:41
@thecodingdude thecodingdude mentioned this pull request Nov 27, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codeclimate CodeClimate CodeClimate left review comments

Assignees

@ChrisBAshton ChrisBAshton

Labels
high-priority
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ChrisBAshton