Asciidoctor :: Discussion

potential security vulnerabilities in your dependencies.

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

2 messages Options

jnorth

potential security vulnerabilities in your dependencies.

Wanted to get the hang of Antora, so cloned the demo example, did gradle build ok. Looks good to me. Then was going to push this trial project to GitHub. I did not have a .gitignore file so everything was pushed up to git.

Git suggested

package-lock.json 2 vulnerabilities found

so is there something we should not allow to be pushed to github ? thx Jim

mojavelinux

Re: potential security vulnerabilities in your dependencies.

Administrator

Thanks Jim. While I take security seriously, in my experience, GitHub tends to be too alarmist about these vulnerability checks, often flagging test or compile time dependencies. In this case, these are dependencies of the nodegit compilation tasks. I don't think it's anything to be concerned about.

For future feedback about Antora, I encourage you to use the Antora issue tracker. https://gitlab.com/antora/antora

Best Regards,

-Dan

On Sun, Sep 16, 2018 at 7:50 AM, jnorth [via Asciidoctor :: Discussion] <[hidden email]> wrote:

Wanted to get the hang of Antora, so cloned the demo example, did gradle build ok. Looks good to me. Then was going to push this trial project to GitHub. I did not have a .gitignore file so everything was pushed up to git.

Git suggested

package-lock.json 2 vulnerabilities found

so is there something we should not allow to be pushed to github ? thx Jim

If you reply to this email, your message will be added to the discussion below:
http://discuss.asciidoctor.org/potential-security-vulnerabilities-in-your-dependencies-tp6473.html

To start a new topic under Asciidoctor :: Discussion, email [hidden email]
To unsubscribe from Asciidoctor :: Discussion, click here.
NAML

Dan Allen | @mojavelinux | https://twitter.com/mojavelinux