Re: potential security vulnerabilities in your dependencies.
Posted by mojavelinux on Sep 24, 2018; 12:12am
URL: https://discuss.asciidoctor.org/potential-security-vulnerabilities-in-your-dependencies-tp6473p6485.html
--
URL: https://discuss.asciidoctor.org/potential-security-vulnerabilities-in-your-dependencies-tp6473p6485.html
Thanks Jim. While I take security seriously, in my experience, GitHub tends to be too alarmist about these vulnerability checks, often flagging test or compile time dependencies. In this case, these are dependencies of the nodegit compilation tasks. I don't think it's anything to be concerned about.
For future feedback about Antora, I encourage you to use the Antora issue tracker. https://gitlab.com/antora/antora
Best Regards,
-Dan
On Sun, Sep 16, 2018 at 7:50 AM, jnorth [via Asciidoctor :: Discussion] <[hidden email]> wrote:
Wanted to get the hang of Antora, so cloned the demo example, did gradle build ok. Looks good to me. Then was going to push this trial project to GitHub. I did not have a .gitignore file so everything was pushed up to git.
Git suggested
package-lock.json 2 vulnerabilities found
so is there something we should not allow to be pushed to github ? thx Jim
If you reply to this email, your message will be added to the discussion below:http://discuss.asciidoctor.org/potential-security- vulnerabilities-in-your- dependencies-tp6473.html To start a new topic under Asciidoctor :: Discussion, email [hidden email]
To unsubscribe from Asciidoctor :: Discussion, click here.
NAML
--
Dan Allen | @mojavelinux | https://twitter.com/mojavelinux
| Free forum by Nabble | Edit this page |