chore: remove placeholder security script from each plugin #77

Merged
merged 3 commits into from
Dec 4, 2019

@pnevares pnevares commented Dec 4, 2019

Rollup Plugin Name: all

This PR contains:

  • bugfix
  • feature
  • refactor
  • documentation
  • other

Are tests included?

  • yes (bugfixes and features will not be merged without tests)
  • no

Breaking Changes?

  • yes (breaking changes will not be merged unless absolutely necessary)
  • no

List any relevant issue numbers:

Resolves #75

Description

  • Removes the placeholder security script from each plugin's package.json
  • I verified that pnpm audit only uses pnpm-lock.yaml to run the audit.
    • I installed lodash@4.17.11 (contains a vulnerability) in the run package and pnpm audit reported the vulnerability when run from the repo's root.
    • Only adding the vulnerable dependency to packages/run/package.json had no effect on pnpm audit
    • Only adding the vulnerable dependency to pnpm-lock.yaml caused the vulnerability to show up during pnpm audit
  • Unrelated change: the typescript package had two un-linted files, I've included them here
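
Because pnpm audit reads only pnpm-lock.yaml, as verified in the description above, a dependency declared in a package.json but missing from the lockfile is never evaluated. The following is an added example, not part of the original PR or the project's code, that flags such drift for one workspace package; the lockfile layout (a top-level `importers:` map), the function names and the sample data are assumptions.

```javascript
// Added example, not code from the rollup/plugins repository.
// Assumption: pnpm-lock.yaml has a top-level `importers:` map keyed by
// workspace path, with dependency groups nested beneath each importer.
const DEP_GROUPS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Minimal indentation-based reader for the `importers:` section only.
function readImporters(lockText) {
  const importers = {};
  let inSection = false;
  let importer = null;
  let group = null;
  for (const line of lockText.split('\n')) {
    const m = /^(?:'([^']+)'|([^:]+)):\s*(.*)$/.exec(line.trim());
    if (!m) continue; // blank lines, list items, anything that is not "key:"
    const key = m[1] || m[2];
    const indent = line.search(/\S/);
    if (indent === 0) inSection = key === 'importers';
    else if (!inSection) continue;
    else if (indent === 2) importers[(importer = key)] = new Set();
    else if (indent === 4) group = key;
    else if (indent === 6 && DEP_GROUPS.includes(group)) importers[importer].add(key);
  }
  return importers;
}

// Names declared in a package.json but absent from that importer's lockfile
// entry: a lockfile-only audit never evaluates these.
function unlockedDeps(importerPath, manifest, lockText) {
  const locked = readImporters(lockText)[importerPath] || new Set();
  const declared = DEP_GROUPS.flatMap((g) => Object.keys(manifest[g] || {}));
  return declared.filter((name) => !locked.has(name)).sort();
}

// Constructed sample: lodash was added to the manifest but not to the lockfile.
const SAMPLE_LOCK = [
  'importers:',
  '  packages/run:',
  '    dependencies:',
  "      '@types/node': 12.12.14",
  '    specifiers:',
  "      '@types/node': ^12.12.14",
  'lockfileVersion: 5.1',
  'packages:',
  '  /@types/node/12.12.14:',
  '    dev: false',
].join('\n');
const SAMPLE_MANIFEST = { dependencies: { '@types/node': '^12.12.14', lodash: '4.17.11' } };

console.log(unlockedDeps('packages/run', SAMPLE_MANIFEST, SAMPLE_LOCK));
```

A non-empty result means the lockfile must be regenerated before the audit result can be trusted for that package.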

pnevares commented Dec 4, 2019

It looks like we have 15 packages running security as part of their lint script and the other 5 as part of their ci:lint script. I can remove all but should I update .circleci/config.yml or let someone else handle?

@shellscape shellscape requested review from a team December 4, 2019 17:25

@shellscape shellscape left a comment

LGTM

@shellscape shellscape merged commit 6c1cc76 into rollup:master Dec 4, 2019
franklx pushed a commit to franklx/rollup-plugin-url-emit that referenced this pull request Sep 28, 2020
* chore: remove placeholder security script from each plugin

* chore: changes in typescript package after linting

* chore: remove security script from lint and ci:lint scripts

Successfully merging this pull request may close these issues.

repo task: enable pnpm audit