[x3d-public] X3DJSONLD NPM dependencies have vulnerabilities? Not right now!

Cecile Muller contact at wildpeaks.fr
Sat Jul 24 02:41:29 PDT 2021


Good morning John,

You may want to consider using Dependabot to keep dependencies up to date
(it sends a pull request when there is a new version of a package
available):
https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates

Also Devcontainers/Docker to sandbox the environment where dependencies run:
https://code.visualstudio.com/docs/remote/create-dev-container
https://www.docker.com/products/docker-desktop


See you,
Cecile

On Sat, Jul 24, 2021 at 2:23 AM John Carlson <yottzumm at gmail.com> wrote:

> X3DJSONLD upgraded dependency npm-java to version 0.12.2, got rid of
> vulnerabilities
>
> $ npm install
>
> up to date, audited 109 packages in 738ms
>
> 4 packages are looking for funding
>    run `npm fund` for details
>
> found 0 vulnerabilities
>
> up to date, audited 109 packages in 58s
>
> 4 packages are looking for funding
>    run `npm fund` for details
>
> found 0 vulnerabilities
>
> =====================================
>
> You may wish to help various projects seeking funding that X3DJSONLD uses:
>
> coderextreme@coderextreme-Kubuntu20:~/X3DJSONLD$ npm fund
> X3DJSONLD@9.0.0
> ├── https://github.com/sponsors/epoberezkin
> │   └── ajv@6.12.6
> ├── https://github.com/sponsors/isaacs
> │   └── glob@7.1.6
> └── https://github.com/sponsors/RubenVerborgh
>      └── follow-redirects@1.14.1
>
>
> _______________________________________________
> x3d-public mailing list
> x3d-public at web3d.org
> http://web3d.org/mailman/listinfo/x3d-public_web3d.org
>
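
A Dependabot version-updates configuration for an npm project like the one discussed in this thread, added here as an example; it is not part of the original messages or of the X3DJSONLD repository. It assumes the repository is hosted on GitHub with `package.json` and its lockfile at the repository root, and the file is saved as `.github/dependabot.yml`; the schedule, pull-request limit and label are assumed values.

```yaml
# .github/dependabot.yml (example; path and values are assumptions)
version: 2
updates:
  # Watch the npm manifest (package.json / package-lock.json) at the repo root.
  - package-ecosystem: "npm"
    directory: "/"
    # Check the registry once a week and open a pull request per outdated package.
    schedule:
      interval: "weekly"
    # Cap concurrent update PRs so a backlog does not bury reviewers.
    open-pull-requests-limit: 5
    # Tag the PRs so they are easy to filter and review as a batch.
    labels:
      - "dependencies"
```

Each pull request still needs the project's own tests and an `npm install` audit run before merging, since a version bump only shows that a newer release exists, not that it is safe or compatible.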