Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove vulnerability warning reported from Github for VS Code extensions #49146

Closed
8 tasks done
egamma opened this issue May 3, 2018 · 0 comments
Closed
8 tasks done

Remove vulnerability warning reported from Github for VS Code extensions #49146

egamma opened this issue May 3, 2018 · 0 comments
Assignees
@egamma @kieferrm
Labels
verified Verification succeeded
Milestone
May 2018

Comments

@egamma
Copy link
Member

egamma commented May 3, 2018
edited
Loading

Github shows a vulnerability warning against VS Code extensions that have checked in the package-lock.json.

image

This is a false positive since the module in question is a development dependency and the module is not published with the extension.

See also microsoft/vscode-extension-vscode#106.

We should still eliminate the warning:

  • In package.json in the devDependencies section, change the dependency of the vscode module to "vscode": "^1.1.17".
  • run npm install
  • check in the change.

Here are some extension that show this warning that should be fixed:
@egamma egamma added this to the May 2018 milestone May 3, 2018
roblourens added a commit to microsoft/vscode-chrome-debug that referenced this issue May 3, 2018
@roblourens
microsoft/vscode#49146
90ff9f0
roblourens added a commit to microsoft/vscode-node-debug2 that referenced this issue May 3, 2018
@roblourens
microsoft/vscode#49146
b9d7384
@egamma egamma closed this as completed May 4, 2018
WardenGnaw added a commit to WardenGnaw/vscode-cpptools that referenced this issue May 5, 2018
@WardenGnaw
Extension Development Improvements
dce7ecf 
1. Updated tasks.json to 2.0
2. Added tslint problem matcher
   - Weird issue that problem does not disappear when resolved.
3. Adding tslint for class and function names.
   - class must be in PascalCase
   - funcitons must be in camelCase
4. Addressing vulnerability warning
   - microsoft/vscode#49146
WardenGnaw added a commit to WardenGnaw/vscode-cpptools that referenced this issue May 5, 2018
@WardenGnaw
Extension Development Improvements
7edbf0a 
1. Updated tasks.json to 2.0
2. Added tslint problem matcher
   - Weird issue that problem does not disappear when resolved.
3. Adding tslint for class and function names.
   - class must be in PascalCase
   - funcitons must be in camelCase
4. Addressing vulnerability warning
   - microsoft/vscode#49146
@WardenGnaw WardenGnaw mentioned this issue May 5, 2018
Merged
@kieferrm kieferrm mentioned this issue May 7, 2018
Closed
46 tasks
WardenGnaw added a commit to microsoft/vscode-cpptools that referenced this issue May 7, 2018
@WardenGnaw
Extension Development Improvements (#1941)
ff31eef 
1. Updated tasks.json to 2.0
2. Added tslint problem matcher
   - Weird issue that problem does not disappear when resolved.
3. Adding tslint for class and function names.
   - class must be in PascalCase
   - funcitons must be in camelCase
4. Addressing vulnerability warning
   - microsoft/vscode#49146
@mjbvz mjbvz added the verified Verification succeeded label May 30, 2018
@vscodebot vscodebot bot locked and limited conversation to collaborators Jun 18, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@egamma egamma

@kieferrm kieferrm

Labels
verified Verification succeeded
Projects
None yet
Milestone
May 2018
Development

No branches or pull requests
3 participants
@egamma @kieferrm @mjbvz