-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security issue in dependencies #854
Comments
Speaking of CI or unit test, #729 contains the necessary code to setup Travis for building. I did not get any feedback, but will be pleased to know if it works for you. I did not get around to unit testing, since these days I am developing specific functionality for Stackedit. Good to see the patch, I could not think it would break stackedit, but you probably want @benweet to confirm that. |
In fact, without unit test, travis-ci can not help anything. BTW @jesperronn, there are many spaces changes and commits in that PR, which are not really meaningful, I can only see you added |
bump dependency - serve-static to 1.6.5, fix #854
serve-static Open Redirect 1.5.3
CVE-2015-1164
**Credit: *_Pierre-Élie Fauché
Vulnerable: *<1.6.5 || >=1.7.0 <1.7.2
_Patched: ~1.6.5 || >=1.7.2
https://nodesecurity.io/advisories/serve-static-open-redirect
Shall we upgrade serve-static to 1.6.5 or something?
Because there is no ci or unit test, I'm afraid that upgrading dependencies will brake the functions.
The text was updated successfully, but these errors were encountered: