Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix two dependabot security alerts #90

Open
jerkey opened this issue Apr 7, 2021 · 3 comments
Open

fix two dependabot security alerts #90

jerkey opened this issue Apr 7, 2021 · 3 comments

Comments

@jerkey
Copy link

jerkey commented Apr 7, 2021
edited
Loading

github's dependabot says we need to do something so it can see what versions of pug and ecstatic we're using - this looks like it might be no big deal but since it's flagging as a possible security issue we should try to fix it. As for ecstatic, there is an actual security issue that's relevant unless we're using a more recent version.

Here's what github says we should do about it:

what to do about pug dependancy issue

what to do about ecstatic dependancy issue
@jerkey jerkey changed the title fix dependabot security alert for pug version fix two dependabot security alerts Apr 7, 2021
@kenrestivo
Copy link

Those links are 404

@kenrestivo
Copy link

Dunno about security alerts, but I ran dependabot on a fork and merged its recommendations https://github.com/kenrestivo/sudo-humans/commits/master

@jnny
Copy link

jnny commented Oct 14, 2021

@kenrestivo wanna turn that into a pull request? :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kenrestivo @jnny @jerkey