metamask-extension

mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-10-22 19:26:13 +02:00

History

Mark Stacey 754f98aea2 Fix `npm-audit` script (#6908 ) The npm audit script was auditing all dependencies, then filtering the results to just the advisories concerning production dependencies. This was done by checking the boolean `dev` and `optional` properties of each `findings` entry in each advisory. The `dev` and `optional` properties are now missing, which is resulting in dev advisories being mistakenly identified as affecting production. This check has been removed, and instead the `--production` flag is used when calling `npm audit`. This accomplishes the same goal without relying as much upon the audit output format. The `--production` flag was added in `npm` `v6.10.0`, so `npm` has been updated to the current latest stable (`v6.10.2`) for the `test-deps` job. It was also updated on the `prep-deps-npm` job to ensure consistency in behaviour. The other jobs only use `npm run` which hasn't changed substantially in some time, so compatibility isn't really a concern for those. `audit.json` has also been added to `.gitignore`. It was accidentally checked in once while working on this branch.	2019-07-24 19:54:16 -03:00
..
scripts	Fix `npm-audit` script (#6908 )	2019-07-24 19:54:16 -03:00
config.yml	Fix `npm-audit` script (#6908 )	2019-07-24 19:54:16 -03:00

Fix npm-audit script (#6908 )

The npm audit script was auditing all dependencies, then filtering the
results to just the advisories concerning production dependencies. This
was done by checking the boolean `dev` and `optional` properties of each
`findings` entry in each advisory.

The `dev` and `optional` properties are now missing, which is resulting
in dev advisories being mistakenly identified as affecting production.

This check has been removed, and instead the `--production` flag is used
when calling `npm audit`. This accomplishes the same goal without
relying as much upon the audit output format.

The `--production` flag was added in `npm` `v6.10.0`, so `npm` has been
updated to the current latest stable (`v6.10.2`) for the `test-deps`
job. It was also updated on the `prep-deps-npm` job to ensure
consistency in behaviour. The other jobs only use `npm run` which hasn't
changed substantially in some time, so compatibility isn't really a
concern for those.

`audit.json` has also been added to `.gitignore`. It was accidentally
checked in once while working on this branch.

2019-07-24 19:54:16 -03:00

scripts Fix npm-audit script (#6908 ) 2019-07-24 19:54:16 -03:00

config.yml Fix npm-audit script (#6908 ) 2019-07-24 19:54:16 -03:00