potential security vulnerabilities in your dependencies.


potential security vulnerabilities in your dependencies.

jnorth
Wanted to get the hang of Antora, so cloned the demo example, did gradle build ok. Looks good to me. Then was going to push this trial project to GitHub. I did not have a .gitignore file so everything was pushed up to git.

Git suggested

    package-lock.json 2 vulnerabilities found

So is there something we should not allow to be pushed to GitHub? Thx, Jim




Re: potential security vulnerabilities in your dependencies.

mojavelinux
Administrator
Thanks Jim. While I take security seriously, in my experience, GitHub tends to be too alarmist about these vulnerability checks, often flagging test or compile-time dependencies. In this case, these are dependencies of the nodegit compilation tasks. I don't think it's anything to be concerned about.

For future feedback about Antora, I encourage you to use the Antora issue tracker. https://gitlab.com/antora/antora

Best Regards,

-Dan

On Sun, Sep 16, 2018 at 7:50 AM, jnorth [via Asciidoctor :: Discussion] <[hidden email]> wrote:
Wanted to get the hang of Antora, so cloned the demo example, did gradle build ok. Looks good to me. Then was going to push this trial project to GitHub. I did not have a .gitignore file so everything was pushed up to git.

Git suggested

    package-lock.json 2 vulnerabilities found

So is there something we should not allow to be pushed to GitHub? Thx, Jim









--
Dan Allen | @mojavelinux | https://twitter.com/mojavelinux