perfect thx

g

> On Dec 11, 2017, at 4:03 AM, Tony Atkins <[email protected]> wrote:
>
> Hi, Gregg.
>
> We've already removed our major dependencies on this, and there are no plans
> to use it directly again. This is mainly good news in that it (eventually)
> will reduce the vulnerabilities we inherit from other libraries.
>
> Cheers,
>
>
> Tony
>
> On 8 December 2017 at 15:20, Gregg Vanderheiden GPII
> <[email protected]> wrote:
> If it fell into disrepair once — is there a chance that if we become
> dependent on it - that it will fall into disrepair again?
>
> I want to be sure that, while we have the resources, we do what we can to
> make it easy to maintain security after the end of the grant.
>
> Having stated that priority I defer to you all and Brendan on this.
>
> best
>
> Gregg
>
>
>> On Dec 8, 2017, at 4:41 AM, Tony Atkins <[email protected]> wrote:
>>
>> Hi, All.
>>
>> As you may remember, packages like gpii-handlebars and infusion-docs were
>> recently updated so that they no longer directly depend on "marked", which
>> had multiple long-unaddressed security vulnerabilities.
>>
>> Recently, a new key contributor has stepped up to try and revive the
>> "marked" project <https://github.com/chjj/marked/issues/956>. In less than
>> a week, the long-stalled 0.3.7 release that includes fixes for the previous
>> holes was released. Unfortunately, there's still a newly discovered
>> vulnerability that will apparently be fixed in the upcoming version 0.3.9
>> <https://github.com/chjj/marked/pull/958>. I am following that pull, and
>> will report back when there's an actual fix.
>>
>> I have reviewed our holdings on snyk.io <http://snyk.io/>, it doesn't seem
>> that we have marked as a non-dev dependency at the moment, but I thought I'd
>> mention it for people whose work might not have made it up there yet.
>>
>> Cheers,
>>
>>
>> Tony
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://lists.gpii.net/mailman/listinfo/architecture
