1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 01:39:44 +01:00

use improved-yarn-audit and exclude 1002401 and 1002581 (#12310)

* use improved-yarn-audit and exclude 1002401
This commit is contained in:
Alex Donesky 2021-10-08 12:18:38 -05:00 committed by GitHub
parent 1879fb48d7
commit 3b5e33bc4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 1 deletions

View File

@ -3,7 +3,9 @@
set -u
set -o pipefail
yarn audit --level moderate --groups dependencies
# use `improved-yarn-audit` since that allows for exclude
# exclude 1002401 until we remove use of 3Box, 1002581 until we can find a better solution
yarn run improved-yarn-audit --ignore-dev-deps --min-severity moderate --exclude 1002401,1002581
audit_status="$?"
# Use a bitmask to ignore INFO and LOW severity audit results

View File

@ -29,6 +29,7 @@ ignores:
- "source-map-explorer"
# development tool
- "yarn-deduplicate"
- "improved-yarn-audit"
# storybook
- "@storybook/core"
- "@storybook/addon-backgrounds"

View File

@ -287,6 +287,7 @@
"gulp-watch": "^5.0.1",
"gulp-zip": "^4.0.0",
"history": "^5.0.0",
"improved-yarn-audit": "^2.3.3",
"jest": "^26.6.3",
"jsdom": "^11.2.0",
"koa": "^2.7.0",

View File

@ -14631,6 +14631,11 @@ import-local@^3.0.2:
pkg-dir "^4.2.0"
resolve-cwd "^3.0.0"
improved-yarn-audit@^2.3.3:
version "2.3.3"
resolved "https://registry.yarnpkg.com/improved-yarn-audit/-/improved-yarn-audit-2.3.3.tgz#da0be78be4b678c73733066c9ccd21e1958fae8c"
integrity sha512-chZ7zPKGsA+CZeMExNPf9WZhETJLkC+u8cQlkQC9XyPZqQPctn3FavefTjXBXmX3Azin8WcoAbaok1FvjkLf6A==
imurmurhash@^0.1.4:
version "0.1.4"
resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"