Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes for Dependabot alerts (xmldom, underscore) #3332

Merged
merged 2 commits into from
May 10, 2021
Merged

Fixes for Dependabot alerts (xmldom, underscore) #3332

merged 2 commits into from
May 10, 2021

Conversation

oxy
Copy link

@oxy oxy commented May 10, 2021

Remove plist, since we don't use it (and it depends on xmldom, per Dependabot), and modify the resolution for underscore to be specific to doctoc.

@oxy oxy requested a review from a team as a code owner May 10, 2021 07:36
@oxy oxy self-assigned this May 10, 2021
@oxy oxy added this to the v3.10.0 milestone May 10, 2021
@codecov
Copy link

codecov bot commented May 10, 2021

Codecov Report

Merging #3332 (641d946) into main (02a0e05) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #3332   +/-   ##
=======================================
  Coverage   58.95%   58.95%           
=======================================
  Files          35       35           
  Lines        1703     1703           
  Branches      374      374           
=======================================
  Hits         1004     1004           
  Misses        561      561           
  Partials      138      138

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 02a0e05...641d946. Read the comment docs.

code-asher
code-asher approved these changes May 10, 2021
View reviewed changes
package.json
@@ -76,7 +76,7 @@
},
"resolutions": {
"normalize-package-data": "^3.0.0",
"underscore": "1.13.1",
"doctoc/underscore": "^1.13.1",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool I didn't know you could do this!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, this is really interesting.

cc @vapurrmaid you're probably aware of this trick, but if not... seems like it may come in handy for us

@oxy oxy merged commit 7421e9d into main May 10, 2021
@oxy oxy deleted the oxy/3.10-secfixes branch May 10, 2021 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jawnsy jawnsy jawnsy left review comments

@code-asher code-asher code-asher approved these changes

Assignees

@oxy oxy

Labels
None yet
Projects
None yet
Milestone
v3.10.0
Development

Successfully merging this pull request may close these issues.
3 participants
@oxy @jawnsy @code-asher