fix(deps): remove high severity vulnerability and add extra travis check on PRS

The only exception is `webpack-svgstore-plugin` that still points to some older package versions with `low` severity vulnerabilities and apparently the repo is not active that [the actual fix](https://github.com/mrsum/webpack-svgstore-plugin/pull/172) could be merged. Because of that I'm limiting the scope to just `high` severity issues. Note: I decided to include `audit-ci` because `yarn` does not provide (yet) a way to filter violations by severity level. fix(deps): upgrade packages so that `yarn lint` works with the current babel-eslint
2025-01-18 06:03:22 +08:00 · 2019-03-20 01:11:20 +01:00 · 2019-03-20 01:11:20 +01:00 · 18ba26dd47
commit 18ba26dd47
parent 24f61e02be
3 changed files with 1618 additions and 1891 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -14,5 +14,6 @@ install:
  - yarn build:packages

 script:
+  - yarn audit-ci
  - yarn lint
  - yarn test
--- a/package.json
+++ b/package.json
@ -10,7 +10,8 @@
    "build:examples": "node ./node_modules/@babel/node/bin/babel-node.js ./build/examples/build.js --env=production",
    "release": "yarn build:packages && yarn lint && yarn test && lerna publish",
    "lint": "eslint ./packages/**/src/**",
-    "test": "jest"
+    "test": "jest",
+    "audit-ci": "audit-ci --high"
  },
  "postcss": {
    "plugins": {
@ -31,6 +32,7 @@
    "@babel/preset-env": "^7.3.4",
    "@babel/preset-stage-2": "^7.0.0",
    "@babel/runtime": "^7.3.4",
+    "audit-ci": "^1.4.1",
    "autoprefixer": "^9.4.10",
    "babel-core": "^7.0.0-bridge.0",
    "babel-eslint": "^10.0.1",
@ -54,7 +56,7 @@
    "http-proxy-middleware": "^0.19.1",
    "http-server": "^0.11.1",
    "imagemin-webpack-plugin": "^2.4.2",
-    "jest": "^24.1.0",
+    "jest": "^24.5.0",
    "lerna": "^3.13.1",
    "mini-css-extract-plugin": "^0.5.0",
    "minimist": "^1.2.0",
--- a/yarn.lock
+++ b/yarn.lock