Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade webpacker to fix security dependency #245

Merged
merged 1 commit into from
Mar 23, 2021
Merged

Upgrade webpacker to fix security dependency #245

merged 1 commit into from
Mar 23, 2021
+685 −517

Conversation

melzreal
Copy link
Contributor

@melzreal melzreal commented Mar 22, 2021
edited
Loading

Description of change

Upgrading webpacker due to a security warning affecting an svg package that the old webpacker version depended on:
https://github.com/unboxed/bops/security/dependabot/yarn.lock/is-svg/open

Please keep in mind that this Action was originally written for GitHub Actions beta (when Docker was the only way of doing things).
Consider using actions/setup-node to work with Yarn.
This repository will be mostly supporting the existing flows.

@melzreal melzreal force-pushed the update-svg branch 10 times, most recently from b0785e2 to 153a05c Compare March 22, 2021 13:11
@melzreal
Upgrade webpacker to fix security dependency

Verified

This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
1ed051c 
- Also update github actions file inline with the comment on the GithubActions for Yarn:
https://github.com/marketplace/actions/github-action-for-yarn

```
Please keep in mind that this Action was originally written for GitHub Actions beta (when Docker was the only way of doing things).
Consider using actions/setup-node to work with Yarn.
This repository will be mostly supporting the existing flows.
```
@melzreal melzreal requested a review from james March 22, 2021 17:14
@melzreal melzreal merged commit 3b30c40 into master Mar 23, 2021
@melzreal melzreal deleted the update-svg branch March 24, 2021 17:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@james james

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@melzreal @james