Use npm-check-updates and npm audit fix
Upgraded npm to 6.10.2, which includes npm audit.
Installed npm-check-updates and then ran:
ncu -u; npm audit fix
This is a npm 6 package-lock.json.
Recommend using npm 6 from here out to avoid churn in the
package-lock.json caused by npm 5 vs npm 6.
Before:
found 24 high severity vulnerabilities in 12251 scanned packages
run `npm audit fix` to fix 24 of them.
After:
found 0 vulnerabilities
in 12251 scanned packages
npm 6 was released a year and half ago and has "security is built in".
npm 6/5.10 moved package-lock.json from exact versions to loosly versions.
tilde and caret are now present in the package-lock.json
The previous commits helps a little by "specific version in
package.json guarantees the version only a the top level commit"
Even though package-lock.json now contains tilde and caret ranges (scary!), the
package-lock.json still locks sub-dependencies to exact versions, according to npm.
https://github.com/npm/npm/issues/20434#issuecomment-395637874
OpenBMC uses nodejs_10.15.3 which has npm 6.4.1.
https://github.com/openbmc/openbmc/blob/master/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_10.15.3.bb
https://nodejs.org/en/download/releases/
Also see:
https://github.com/npm/npm/issues/20891
Resolves openbmc/phosphor-webui#91
Tested: Built image and loaded on Witherspoon
Change-Id: I436be724ac4b27bb00a4b4c20077ddf981c43c9f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
diff --git a/package.json b/package.json
index 248a983..8b70827 100644
--- a/package.json
+++ b/package.json
@@ -51,34 +51,34 @@
"devDependencies": {
"@babel/core": "7.5.5",
"@babel/preset-env": "7.5.5",
- "angular-mocks": "1.7.3",
- "assets-webpack-plugin": "3.9.6",
- "autoprefixer": "9.1.5",
+ "angular-mocks": "1.7.8",
+ "assets-webpack-plugin": "3.9.10",
+ "autoprefixer": "9.6.1",
"babel-core": "6.26.3",
- "babel-loader": "8.0.2",
+ "babel-loader": "8.0.6",
"babel-polyfill": "6.26.0",
- "compression-webpack-plugin": "2.0.0",
- "copy-webpack-plugin": "4.5.2",
- "csp-html-webpack-plugin": "2.5.0",
- "css-loader": "1.0.0",
- "eslint-plugin-angular": "3.3.0",
- "event-stream": "3.3.4",
- "file-loader": "2.0.0",
+ "compression-webpack-plugin": "3.0.0",
+ "copy-webpack-plugin": "5.0.3",
+ "csp-html-webpack-plugin": "3.0.2",
+ "css-loader": "3.1.0",
+ "eslint-plugin-angular": "4.0.1",
+ "event-stream": "4.0.1",
+ "file-loader": "4.1.0",
"filter-chunk-webpack-plugin": "2.1.0",
"html-loader": "0.5.5",
- "html-minifier": "3.5.21",
+ "html-minifier": "4.0.0",
"html-webpack-inline-source-plugin": "0.0.10",
"html-webpack-plugin": "3.2.0",
"ignore-assets-webpack-plugin": "2.0.1",
- "mini-css-extract-plugin": "0.4.5",
+ "mini-css-extract-plugin": "0.8.0",
"node-sass": "4.12.0",
- "null-loader": "0.1.1",
- "raw-loader": "0.5.1",
+ "null-loader": "3.0.0",
+ "raw-loader": "3.1.0",
"rimraf": "2.6.3",
"sass-loader": "7.1.0",
"style-loader": "0.23.1",
"svg-inline-loader": "0.8.0",
- "uglifyjs-webpack-plugin": "1.3.0",
+ "uglifyjs-webpack-plugin": "2.1.3",
"webpack": "4.37.0",
"webpack-cli": "3.3.6",
"webpack-dev-server": "3.7.2"