javascript quickstarts need npm audit fixes #1063

joebowbeer · 2024-07-24T11:00:40Z

In almost every javascript quickstart (and probably tutorial) the npm i installation in each package folder reports audit findings.

Most are fixed by npm audit fix

In some cases an upgrade to axios v1 is needed, which requires a npm audit fix --force

Dependabot should be able to generate PRs for these.

This is a sequel to #1054 (which reported pub_sub audit findings)

Expected Behavior

Running npm i in a javascript folder with package*.json does not report npm audit findings.

A handful of audit findings reported in each folder.

The text was updated successfully, but these errors were encountered:

joebowbeer · 2024-07-26T20:54:22Z

/assign joebowbeer

I will create a PR for this

paulyuk · 2024-07-29T01:41:10Z

If we can rebase and sync your PR @joebowbeer I'd love to take it for 1.14 release. Please track in that issue

joebowbeer · 2024-07-29T02:55:37Z

Thanks. I finished rebasing my branch on 1.14

paulyuk · 2024-07-29T19:42:54Z

Fixed by #1081, merged!

joebowbeer mentioned this issue Jul 27, 2024

fix: npm audit fixes and lock files #1081

Merged

4 tasks

paulyuk added the language/javascript Pull requests that update Javascript code label Jul 29, 2024

paulyuk assigned joebowbeer Jul 29, 2024

paulyuk added this to the 1.14 milestone Jul 29, 2024

paulyuk added this to v1.14 Release Tracking Board Jul 29, 2024

github-project-automation bot moved this to Needs Owner in v1.14 Release Tracking Board Jul 29, 2024

paulyuk added the P1 label Jul 29, 2024

paulyuk closed this as completed Jul 29, 2024

github-project-automation bot moved this from Needs Owner to Done in v1.14 Release Tracking Board Jul 29, 2024