Skip to content

Comments

resolve uglify-js CVEs#40

Open
mcandre wants to merge 1 commit intofishbar:masterfrom
mcandre:update-uglify-js
Open

resolve uglify-js CVEs#40
mcandre wants to merge 1 commit intofishbar:masterfrom
mcandre:update-uglify-js

Conversation

@mcandre
Copy link

@mcandre mcandre commented Oct 7, 2019

Update uglify-js, while keeping npm test1 passing, in order to resolve vulnerability reports associated with earlier editions of uglify-js.

@mcandre mcandre mentioned this pull request Oct 7, 2019
Open
gpolitis added a commit to jitsi/sdp-interop that referenced this pull request Jul 14, 2020
@gpolitis
Removes jscoverage and coveralls dev dependencies.
3da0622 
jscoverage pulls some dev dependencies that have known CVEs (debug and
uglify-js). There are PRs [1], [2] that fix the CVEs but the project
seems to be unmaintained.

Furthermore, the jscoverage tool is in a broken state at the moment,
most likely because it doesn't understand ES6 (but I could be wrong
about that).

For these two reason I'm booting it from the project and we can
re-evaluate if anything ever changes.

[1]: fishbar/jscoverage#40
[2]: fishbar/jscoverage#41
@gpolitis gpolitis mentioned this pull request Jul 14, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mcandre