Fix vulnerabilities #53
Conversation
Signed-off-by: Eric Thompson <eric@niugnepsoftware.com>
EricThompson-PeopleReign
force-pushed
the
master
branch
from
00cd91d to
f034d63
Compare
|
@wzrdtales Any chance of getting this merged in? |
| }, | ||
| "devDependencies": { | ||
| "db-meta": "^0.4.1", | ||
| "db-migrate-shared": "^1.1.2", | ||
| "vows": "0.8.0" | ||
| "vows": "^0.8.3" |
There was a problem hiding this comment.
don't touch this, it breaks in every other version than 0.8.0
| @@ -1,10 +1,10 @@ | |||
| { | |||
| "name": "db-migrate-mongodb", | |||
| "version": "1.5.0", | |||
| "version": "1.5.1", | |||
There was a problem hiding this comment.
don't touch the version in PRs, the release is not part of a PR
|
there is unfortunately no ci running a test against this, so not easily mergeable right now due to missing certainty that nothing breaks. If you could take the time to get gitlab actions here that would be awesome otherwise only have two comments |
|
Thanks @wzrdtales, I have since done some manual testing and the newer version of mongodb client doesn't play well with this package. I don't know enough about this package or the mongodb client to fix the things that moved in the upgrade v3.x -> 4.x. |
|
as far as i remember someone from the community gave it a shot before, but stopped working on it. I guess also @BorntraegerMarc who wrote this package initially is out of time. I am not a mongo user at all and wont be, am avoiding it for a good reason :p , so all I will give here is technical advice in general. The best person to maintain the mongo driver is someone actually using it. Writing a driver itself is fairly "easy" though see https://db-migrate.readthedocs.io/en/latest/Developers/contributing/#creating-your-own-driver |
|
Yeah, sorry… my prios kinda shifted 🙂 |
This PR bumps the versions for vow and mongodb. This fixes 5 different vulnerabilities total and allos this package to pass vulnerability testing that's required by some CI/CD process.