[jira] [Commented] (AIRFLOW-3307) Update insecure node dependencies
[ https://issues.apache.org/jira/browse/AIRFLOW-3307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16689460#comment-16689460 ] Iuliia Volkova commented on AIRFLOW-3307: - [~jmcarp], please, do not forget to close the task if PR was merged ) Thank you! > Update insecure node dependencies > - > > Key: AIRFLOW-3307 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3307 > Project: Apache Airflow > Issue Type: Bug >Reporter: Josh Carp >Assignee: Josh Carp >Priority: Trivial > > `npm audit` shows some node dependencies that are out of date and potentially > insecure. We should update them with `npm audit fix`. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (AIRFLOW-3307) Update insecure node dependencies
[
https://issues.apache.org/jira/browse/AIRFLOW-3307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16681511#comment-16681511
]
ASF GitHub Bot commented on AIRFLOW-3307:
-
ashb closed pull request #4147: [AIRFLOW-3307] Upgrade rbac node deps via `npm
audit fix`.
URL: https://github.com/apache/incubator-airflow/pull/4147
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/airflow/www_rbac/package-lock.json
b/airflow/www_rbac/package-lock.json
index 2e75cf9ec4..b595b467e5 100644
--- a/airflow/www_rbac/package-lock.json
+++ b/airflow/www_rbac/package-lock.json
@@ -514,12 +514,6 @@
}
}
},
-"abbrev": {
- "version": "1.0.9",
- "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.0.9.tgz;,
- "integrity": "sha1-kbR5JYinc4wl813W9jdSovh3YTU=",
- "dev": true
-},
"acorn": {
"version": "5.7.1",
"resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.1.tgz;,
@@ -570,29 +564,12 @@
"integrity": "sha1-6GuBnGAs+IIa1jdBNpjx3sAhhHo=",
"dev": true
},
-"align-text": {
- "version": "0.1.4",
- "resolved":
"https://registry.npmjs.org/align-text/-/align-text-0.1.4.tgz;,
- "integrity": "sha1-DNkKVhCT810KmSVsIrcGlDP60Rc=",
- "dev": true,
- "requires": {
-"kind-of": "^3.0.2",
-"longest": "^1.0.1",
-"repeat-string": "^1.5.2"
- }
-},
"alphanum-sort": {
"version": "1.0.2",
"resolved":
"https://registry.npmjs.org/alphanum-sort/-/alphanum-sort-1.0.2.tgz;,
"integrity": "sha1-l6ERlkmyEa0zaR2fn0hqjsn74KM=",
"dev": true
},
-"amdefine": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/amdefine/-/amdefine-1.0.1.tgz;,
- "integrity": "sha1-SlKCrBZHKek2Gbz9OtFR+BfOkfU=",
- "dev": true
-},
"ansi-escapes": {
"version": "3.1.0",
"resolved":
"https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.1.0.tgz;,
@@ -724,12 +701,6 @@
"integrity": "sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c=",
"dev": true
},
-"async": {
- "version": "1.5.2",
- "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz;,
- "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo=",
- "dev": true
-},
"async-each": {
"version": "1.0.1",
"resolved":
"https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz;,
@@ -871,50 +842,6 @@
"babel-template": "^6.24.1"
}
},
-"babel-istanbul": {
- "version": "0.12.2",
- "resolved":
"https://registry.npmjs.org/babel-istanbul/-/babel-istanbul-0.12.2.tgz;,
- "integrity": "sha1-5yPwfJokMtiAVVILwi519cI5Fhw=",
- "dev": true,
- "requires": {
-"abbrev": "1.0.x",
-"async": "1.x",
-"escodegen": "1.8.x",
-"esprima": "2.7.x",
-"handlebars": "^4.0.1",
-"js-yaml": "3.x",
-"mkdirp": "0.5.x",
-"multi-glob": "^1.0.1",
-"nopt": "3.x",
-"object-assign": "^4.0.1",
-"once": "1.x",
-"resolve": "^1.1.0",
-"source-map": "0.4.x",
-"supports-color": "3.1.x",
-"which": "1.2.x",
-"wordwrap": "1.0.x"
- },
- "dependencies": {
-"source-map": {
- "version": "0.4.4",
- "resolved":
"https://registry.npmjs.org/source-map/-/source-map-0.4.4.tgz;,
- "integrity": "sha1-66T12pwNyZneaAMti092FzZSA2s=",
- "dev": true,
- "requires": {
-"amdefine": ">=0.0.4"
- }
-},
-"supports-color": {
- "version": "3.1.2",
- "resolved":
"https://registry.npmjs.org/supports-color/-/supports-color-3.1.2.tgz;,
- "integrity": "sha1-cqJiiU2dQIuVbKBf83su2KbiotU=",
- "dev": true,
- "requires": {
-"has-flag": "^1.0.0"
- }
-}
- }
-},
"babel-loader": {
"version": "7.1.5",
"resolved":
"https://registry.npmjs.org/babel-loader/-/babel-loader-7.1.5.tgz;,
@@ -1374,13 +1301,6 @@
"integrity": "sha1-r6uWJikQp/M8GaV3WCXGnzTjUMo=",
"dev": true
},
-"camelcase": {
- "version": "1.2.1",
- "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-1.2.1.tgz;,
- "integrity": "sha1-m7UwTS4LVmmLLHWLCKPqqdqlijk=",
- "dev": true,
- "optional": true
-},
"caniuse-api": {
"version": "1.6.1",
"resolved":
"https://registry.npmjs.org/caniuse-api/-/caniuse-api-1.6.1.tgz;,
@@ -1399,17 +1319,6 @@
"integrity": "sha1-gv+2TUD3VnYgqsAtOmMgeWiavGs=",
"dev": true
},
-"center-align": {
- "version": "0.1.3",
- "resolved":
[jira] [Commented] (AIRFLOW-3307) Update insecure node dependencies
[
https://issues.apache.org/jira/browse/AIRFLOW-3307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16677400#comment-16677400
]
ASF GitHub Bot commented on AIRFLOW-3307:
-
jmcarp opened a new pull request #4147: [AIRFLOW-3307] Upgrade rbac node deps
via `npm audit fix`.
URL: https://github.com/apache/incubator-airflow/pull/4147
Make sure you have checked _all_ steps below.
### Jira
- [x] My PR addresses the following [Airflow
Jira](https://issues.apache.org/jira/browse/AIRFLOW/) issues and references
them in the PR title. For example, "\[AIRFLOW-XXX\] My Airflow PR"
- https://issues.apache.org/jira/browse/AIRFLOW-3307
- In case you are fixing a typo in the documentation you can prepend your
commit with \[AIRFLOW-XXX\], code changes always need a Jira issue.
### Description
- [x] Here are some details about my PR, including screenshots of any UI
changes:
Update insecure dependences with `npm audit fix`.
### Tests
- [x] My PR adds the following unit tests __OR__ does not need testing for
this extremely good reason:
Just updating build dependencies.
### Commits
- [x] My commits all reference Jira issues in their subject lines, and I
have squashed multiple commits if they address the same issue. In addition, my
commits follow the guidelines from "[How to write a good git commit
message](http://chris.beams.io/posts/git-commit/)":
1. Subject is separated from body by a blank line
1. Subject is limited to 50 characters (not including Jira issue reference)
1. Subject does not end with a period
1. Subject uses the imperative mood ("add", not "adding")
1. Body wraps at 72 characters
1. Body explains "what" and "why", not "how"
### Documentation
- [x] In case of new functionality, my PR adds documentation that describes
how to use it.
- When adding new operators/hooks/sensors, the autoclass documentation
generation needs to be added.
### Code Quality
- [x] Passes `flake8`
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Update insecure node dependencies
> -
>
> Key: AIRFLOW-3307
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3307
> Project: Apache Airflow
> Issue Type: Bug
>Reporter: Josh Carp
>Assignee: Josh Carp
>Priority: Trivial
>
> `npm audit` shows some node dependencies that are out of date and potentially
> insecure. We should update them with `npm audit fix`.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (AIRFLOW-3307) Update insecure node dependencies
[ https://issues.apache.org/jira/browse/AIRFLOW-3307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16677279#comment-16677279 ] Ash Berlin-Taylor commented on AIRFLOW-3307: Sure, We should update them, but the security of it doesn't concern us as they are dev-time only so don't affect our users. > Update insecure node dependencies > - > > Key: AIRFLOW-3307 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3307 > Project: Apache Airflow > Issue Type: Bug >Reporter: Josh Carp >Assignee: Josh Carp >Priority: Trivial > > `npm audit` shows some node dependencies that are out of date and potentially > insecure. We should update them with `npm audit fix`. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
