Karl Horky (karlhorky), @upleveled, Vienna, https://twitter.com/karlhorky. Founder, Teacher @upleveled. Canadian/Austrian. he/him

karlhorky/awesome-speakers 706

Awesome speakers in the programming and design communities

istarkov/babel-plugin-webpack-loaders 631

babel 6 plugin which allows to use webpack loaders

karlhorky/BlockCursorEverywhere 40

Sublime Text plugin to display a block cursor

karlhorky/chartist-plugin-line-tooltip 4

Plugin for Chartist.js Line Charts

cg50x/invoice-generator 2

A React app for generating an invoice document.

karlhorky/create-react-app 2

Create React apps with no build configuration.

Campus-Advisors/campus-advisor-training-karlhorky 0

campus-advisor-training-karlhorky created by GitHub Classroom

GitThomas/mydoc 0

My first Doc Website

PR opened graphql-nexus/nexus-future

Fix casing of GitHub

TODO

  • [x] docs
+1 -1

0 comment

1 changed file

pr created time in 6 hours

push event karlhorky/nexus-future

Karl Horky

commit sha 6b83dd7fd0e833c157461f55eedede065c30f75f

Fix casing of GitHub

push time in 6 hours

fork karlhorky/nexus-future

Delightful GraphQL Application Framework

https://www.nexusjs.org

fork in 6 hours

delete branch karlhorky/next-offline-example

delete branch : snyk-upgrade-a9f5ddef3320ec6109bf5c07c9de28bd

delete time in 13 hours

push event karlhorky/next-offline-example

snyk-bot

commit sha 05ac39bb738cac78964e8e979867149c57fde8c8

fix: upgrade next from 9.1.1 to 9.2.2 Snyk has created this PR to upgrade next from 9.1.1 to 9.2.2. See this package in NPM: https://www.npmjs.com/package/next See this project in Snyk: https://app.snyk.io/org/karlhorky/project/90f06b95-d3d8-4043-9720-8a867d806d44?utm_source=github&utm_medium=upgrade-pr

Karl Horky

commit sha b1904a91ec2e47b650b9db140cc2824668edff30

Merge pull request #2 from karlhorky/snyk-upgrade-a9f5ddef3320ec6109bf5c07c9de28bd [Snyk] Upgrade next from 9.1.1 to 9.2.2

push time in 13 hours

PR merged karlhorky/next-offline-example

[Snyk] Upgrade next from 9.1.1 to 9.2.2

Snyk has created this PR to upgrade next from 9.1.1 to 9.2.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 127 versions ahead of your current version.
  • The recommended version was released a month ago, on 2020-02-18.

The recommended version fixes:

  • medium severity: Cross-site Scripting (XSS), SNYK-JS-DEVALUE-536388, exploit maturity: No Known Exploit

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

+1356 -421

0 comment

2 changed files

snyk-bot

pr closed time in 13 hours

push event karlhorky/talks

snyk-bot

commit sha 0bac67695a6c9d967f9f0588c8ce366af7f06163

fix: upgrade normalize.css from 8.0.0 to 8.0.1 Snyk has created this PR to upgrade normalize.css from 8.0.0 to 8.0.1. See this package in NPM: https://www.npmjs.com/package/normalize.css See this project in Snyk: https://app.snyk.io/org/karlhorky/project/81506301-da47-4d4a-9940-c7f343e4abab?utm_source=github&utm_medium=upgrade-pr

push time in 18 hours

create branch karlhorky/talks

branch : snyk-upgrade-908bb53901b895100217aa5864ccf260

created branch time in 18 hours

push event karlhorky/auth0-node-heroku

snyk-bot

commit sha 97da8eb64cf07c2c75bcf4232337a574d2dfdb96

fix: upgrade passport from 0.4.0 to 0.4.1 Snyk has created this PR to upgrade passport from 0.4.0 to 0.4.1. See this package in NPM: https://www.npmjs.com/package/passport See this project in Snyk: https://app.snyk.io/org/karlhorky/project/31be1960-ff93-4f06-b51c-8fce336bb8b4?utm_source=github&utm_medium=upgrade-pr

push time in 19 hours

push event karlhorky/auth0-node-heroku

snyk-bot

commit sha 6752c9774615b8991bfc35fd89e037afdd8ce710

fix: upgrade pug from 2.0.3 to 2.0.4 Snyk has created this PR to upgrade pug from 2.0.3 to 2.0.4. See this package in NPM: https://www.npmjs.com/package/pug See this project in Snyk: https://app.snyk.io/org/karlhorky/project/31be1960-ff93-4f06-b51c-8fce336bb8b4?utm_source=github&utm_medium=upgrade-pr

push time in 19 hours

push event karlhorky/auth0-node-heroku

snyk-bot

commit sha 449b8358f7846e24997db05ef84ded2dc6578d35

fix: upgrade passport-auth0 from 1.2.1 to 1.3.2 Snyk has created this PR to upgrade passport-auth0 from 1.2.1 to 1.3.2. See this package in NPM: https://www.npmjs.com/package/passport-auth0 See this project in Snyk: https://app.snyk.io/org/karlhorky/project/31be1960-ff93-4f06-b51c-8fce336bb8b4?utm_source=github&utm_medium=upgrade-pr

push time in 19 hours

push event karlhorky/gatsby-serverside-auth0

snyk-bot

commit sha 2032b17f406015c35f8ea16995efb9c35616ffe8

fix: upgrade @reach/alert from 0.7.4 to 0.8.5 Snyk has created this PR to upgrade @reach/alert from 0.7.4 to 0.8.5. See this package in NPM: https://www.npmjs.com/package/@reach/alert See this project in Snyk: https://app.snyk.io/org/karlhorky/project/5c08e8ea-656b-4864-84ae-3f50831a1459?utm_source=github&utm_medium=upgrade-pr

push time in 19 hours

push event karlhorky/next-offline-example

snyk-bot

commit sha e5761bbb6d158f6ed7d21a4e2cbb7953771cdbeb

fix: upgrade serve from 11.2.0 to 11.3.0 Snyk has created this PR to upgrade serve from 11.2.0 to 11.3.0. See this package in NPM: https://www.npmjs.com/package/serve See this project in Snyk: https://app.snyk.io/org/karlhorky/project/90f06b95-d3d8-4043-9720-8a867d806d44?utm_source=github&utm_medium=upgrade-pr

push time in 19 hours

push event karlhorky/next-offline-example

snyk-bot

commit sha faed5815935f183dd32caa2c5d4c986954d52b1f

fix: upgrade next-offline from 5.0.0-beta.11 to 5.0.0 Snyk has created this PR to upgrade next-offline from 5.0.0-beta.11 to 5.0.0. See this package in NPM: https://www.npmjs.com/package/next-offline See this project in Snyk: https://app.snyk.io/org/karlhorky/project/90f06b95-d3d8-4043-9720-8a867d806d44?utm_source=github&utm_medium=upgrade-pr

push time in 19 hours

push event karlhorky/next-offline-example

snyk-bot

commit sha 41231734194e9b4ca5ca4f97c5a4bf0adabc2790

fix: upgrade multiple dependencies with Snyk Snyk has created this PR to upgrade: - react from 16.10.2 to 16.13.0. See this package in NPM: https://www.npmjs.com/package/react - react-dom from 16.10.2 to 16.13.0. See this package in NPM: https://www.npmjs.com/package/react-dom See this project in Snyk: https://app.snyk.io/org/karlhorky/project/90f06b95-d3d8-4043-9720-8a867d806d44?utm_source=github&utm_medium=upgrade-pr

push time in 19 hours

push event karlhorky/next-offline-example

snyk-bot

commit sha 05ac39bb738cac78964e8e979867149c57fde8c8

fix: upgrade next from 9.1.1 to 9.2.2 Snyk has created this PR to upgrade next from 9.1.1 to 9.2.2. See this package in NPM: https://www.npmjs.com/package/next See this project in Snyk: https://app.snyk.io/org/karlhorky/project/90f06b95-d3d8-4043-9720-8a867d806d44?utm_source=github&utm_medium=upgrade-pr

push time in 19 hours

push event karlhorky/next.js-with-slonik

snyk-bot

commit sha d5f65f72a7821d93c9f8807670c715163dfff0aa

fix: upgrade @types/slonik from 19.0.0 to 19.0.2 Snyk has created this PR to upgrade @types/slonik from 19.0.0 to 19.0.2. See this package in NPM: https://www.npmjs.com/package/@types/slonik See this project in Snyk: https://app.snyk.io/org/karlhorky/project/eebcefc9-eca3-4ad2-ad41-46e75056103b?utm_source=github&utm_medium=upgrade-pr

push time in a day

push event karlhorky/next.js-with-slonik

snyk-bot

commit sha 96224e07a87f0d4e6827875f6363b851d6e46e71

fix: upgrade bcrypt from 3.0.6 to 3.0.8 Snyk has created this PR to upgrade bcrypt from 3.0.6 to 3.0.8. See this package in NPM: https://www.npmjs.com/package/bcrypt See this project in Snyk: https://app.snyk.io/org/karlhorky/project/eebcefc9-eca3-4ad2-ad41-46e75056103b?utm_source=github&utm_medium=upgrade-pr

push time in a day

push event karlhorky/next.js-with-slonik

snyk-bot

commit sha fd325c5abca5e7bdb7beb2768d8ef8b475a9f247

fix: upgrade @types/jsonwebtoken from 8.3.5 to 8.3.8 Snyk has created this PR to upgrade @types/jsonwebtoken from 8.3.5 to 8.3.8. See this package in NPM: https://www.npmjs.com/package/@types/jsonwebtoken See this project in Snyk: https://app.snyk.io/org/karlhorky/project/eebcefc9-eca3-4ad2-ad41-46e75056103b?utm_source=github&utm_medium=upgrade-pr

push time in a day

push event karlhorky/next.js-with-slonik

snyk-bot

commit sha af780905683989724cc39a8690708e01af2fbb3a

fix: upgrade multiple dependencies with Snyk Snyk has created this PR to upgrade: - react from 16.10.1 to 16.13.0. See this package in NPM: https://www.npmjs.com/package/react - react-dom from 16.10.1 to 16.13.0. See this package in NPM: https://www.npmjs.com/package/react-dom See this project in Snyk: https://app.snyk.io/org/karlhorky/project/eebcefc9-eca3-4ad2-ad41-46e75056103b?utm_source=github&utm_medium=upgrade-pr

push time in a day

push event karlhorky/next.js-with-slonik

snyk-bot

commit sha 5aded42404481d24b0e778f4939351db662bbe77

fix: upgrade slonik from 19.0.1 to 19.8.0 Snyk has created this PR to upgrade slonik from 19.0.1 to 19.8.0. See this package in NPM: https://www.npmjs.com/package/slonik See this project in Snyk: https://app.snyk.io/org/karlhorky/project/eebcefc9-eca3-4ad2-ad41-46e75056103b?utm_source=github&utm_medium=upgrade-pr

push time in a day

push event karlhorky/next.js-with-slonik

snyk-bot

commit sha 3fd71dfb032d217c5181e5e4e3120505c1d26dea

fix: upgrade next from 9.0.7 to 9.2.2 Snyk has created this PR to upgrade next from 9.0.7 to 9.2.2. See this package in NPM: https://www.npmjs.com/package/next See this project in Snyk: https://app.snyk.io/org/karlhorky/project/eebcefc9-eca3-4ad2-ad41-46e75056103b?utm_source=github&utm_medium=upgrade-pr

push time in a day

push event karlhorky/talks

snyk-bot

commit sha bb17d80b11cf8488d933e939b6b02e87632189ab

fix: upgrade multiple dependencies with Snyk Snyk has created this PR to upgrade: - react from 15.4.2 to 15.6.2. See this package in NPM: https://www.npmjs.com/package/react - react-dom from 15.4.2 to 15.6.2. See this package in NPM: https://www.npmjs.com/package/react-dom See this project in Snyk: https://app.snyk.io/org/karlhorky/project/3dbbd652-12bd-4aeb-9cac-b0aece57743f?utm_source=github&utm_medium=upgrade-pr

push time in a day

push event karlhorky/privacy-shared-cards-clone

snyk-bot

commit sha f9435981080f0685e6366f82c41e5424a888de38

fix: upgrade multiple dependencies with Snyk Snyk has created this PR to upgrade: - react from 16.12.0 to 16.13.0. See this package in NPM: https://www.npmjs.com/package/react - react-dom from 16.12.0 to 16.13.0. See this package in NPM: https://www.npmjs.com/package/react-dom See this project in Snyk: https://app.snyk.io/org/karlhorky/project/e1cf1673-190e-4cd6-9a0a-8298c608643a?utm_source=github&utm_medium=upgrade-pr

push time in a day

push event karlhorky/privacy-shared-cards-clone

snyk-bot

commit sha 9dd7885429dc197e8a221ab2bd61f03470e9d31f

fix: upgrade @testing-library/react from 9.4.0 to 9.5.0 Snyk has created this PR to upgrade @testing-library/react from 9.4.0 to 9.5.0. See this package in NPM: https://www.npmjs.com/package/@testing-library/react See this project in Snyk: https://app.snyk.io/org/karlhorky/project/e1cf1673-190e-4cd6-9a0a-8298c608643a?utm_source=github&utm_medium=upgrade-pr

push time in a day

issue comment wycats/handlebars.js

Peer Dependency has Security Vulnerability

@jfoclpf unfortunately, there are other dependencies on minimist > 1 (examples below)

  • https://github.com/yudai-nkt/sesame-client/blob/81d0664c16aa5a371f1c91dccd8e4f7b9eab5601/package-lock.json#L3688
  • https://github.com/yudai-nkt/sesame-client/blob/81d0664c16aa5a371f1c91dccd8e4f7b9eab5601/package-lock.json#L302

So if you force 0.2.1, then these dependents may break, if they are using features that are only in versions above 1...

ferencbeutel4711

comment created time in a day

issue comment wycats/handlebars.js

Peer Dependency has Security Vulnerability

@yudai-nkt unfortunately, because npm-force-resolutions does not have all features of Yarn Resolutions, this can cause problems if you specify a version of minimist that is incompatible with the one that the dependency is requiring.

This is true in the case that you posted above. Review your lockfile entry for optimist:

  1. You specify optimist@0.6.1, which depends on minimist@~0.0.1 (or at least something that fulfills the same API / contract)
  2. You override this with minimist@1.2.5, which means you're bumping a major (breaking changes)
  3. This means that any code in optimist that uses minimist in a way that works for 0.0.8 but does not work for 1.0.0 would break, and your application could break
  4. This also applies to any other dependencies that you have updated past a major version bump

As far as I know, this shortcoming is also true for npm itself (without manual editing of the lockfile) - be careful with what you are forcing npm to update to! There is no way to easily achieve what Yarn is capable of.


In case you absolutely cannot use Yarn, what you may be able to do, which would be safer, would be:

  1. Add a resolution for minimist@0.2.1
  2. Run npm-force-resolutions
  3. Copy the resulting object from the package-lock.json file
  4. Remove the resolution again
  5. Manually edit your package-lock.json to force this dependency

But... this may not work 😞 This edit could be destroyed by future npm commands.

Without proper resolutions support, it looks like npm is not up to the task here.

ferencbeutel4711

comment created time in a day

push event karlhorky/dotfiles

Karl Horky

commit sha b460876fa09aedd837f77777d503f9cdea425ba2

Add Krisp.ai

push time in a day

pull request comment nodejs/node-gyp

Add docs for macOS Catalina Software Updates

@cclauss Definitely, would be really nice to have a better workflow here!

It would be nice if the existing command-line tools installation would just keep working after software updates. Or at least having some command to fix the installation easily.

karlhorky

comment created time in 2 days

delete branch karlhorky/talks

delete branch : snyk-fix-79bb7272b56fe7880fca26b1f3316222

delete time in 2 days

PR closed karlhorky/talks

[Snyk] Fix for 4 vulnerabilities

Snyk has created this PR to fix one or more vulnerable packages in the npm dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/2017-04-27-react-kyiv-rise-of-low-configuration-tooling/package.json

Vulnerabilities that will be fixed

With an upgrade:
  • medium severity: Prototype Pollution, SNYK-JS-MINIMIST-559764, breaking change: Yes, exploit maturity: Proof of Concept
  • medium severity: Prototype Pollution, SNYK-JS-YARGSPARSER-560381, breaking change: Yes, exploit maturity: Proof of Concept
  • low severity: Regular Expression Denial of Service (ReDoS), npm:braces:20180219, breaking change: Yes, exploit maturity: Proof of Concept
  • medium severity: Denial of Service (DoS), npm:mem:20180117, breaking change: Yes, exploit maturity: No Known Exploit

Commit messages

Package name: spectacle. The new version differs by 18 commits:

  • e0e8f55 3.0.0
  • 55e37fb fixing appears
  • 294a95f Fix React warnings for uppercase HTML heading elements (#373)
  • de511af Style prop now has the highest precedence (#374)
  • c5fbf29 fix appears (#376)
  • b47e236 Start transition to Emotion. Fix Prism. (#377)
  • 68a2cf7 Merge pull request #371 from FormidableLabs/fix-react16Compat
  • 19623b7 Remove node 4 target
  • 3c8e3ae updating snapshot
  • 3919fb1 lint fixes
  • 3c4235b Bump react-typography
  • 9dd38d9 Fix tests
  • 6b13ee4 Handle warning: Add raf polyfill
  • 74225a3 Bump react@^16.0.0
  • 28f2be2 Fix large image slide cut-offs in presentation mode. (#368)
  • 2ff9a37 Step counter feature (#360)
  • 57141b6 Enable scroll in CodePane. (#363)
  • 5664af4 Update presenter-components.js (#357)

See the full diff: https://github.com/FormidableLabs/spectacle/compare/e5188e936e96d2995687fc841f715ca7467fb454...e0e8f5552a343b7a299b4a81c190af2d8b850fe7

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+2 -2

0 comment

1 changed file

snyk-bot

pr closed time in 2 days

push event karlhorky/talks

snyk-bot

commit sha 3d2fd0a6489dd2493f81bd30d073ec9af0ceb9ff

fix: packages/2017-04-27-react-kyiv-rise-of-low-configuration-tooling/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:mem:20180117

push time in 2 days

create branch karlhorky/talks

branch : snyk-fix-79bb7272b56fe7880fca26b1f3316222

created branch time in 2 days

push event karlhorky/nextjs-example

Karl Horky

commit sha 325b758cb2476a619fa8c289027b625ee015bbc7

Upgrade to address security issues

push time in 2 days

push event karlhorky/node-gyp

Karl Horky

commit sha 482e0a3f32010e3a8df0affd082458392c85d722

doc: add macOS Catalina software update info

push time in 2 days

PR opened nodejs/node-gyp

Add docs for macOS Catalina Software Updates
Checklist
Description of change

Every time I do a Software Update in macOS Catalina, the command-line tools are borked with node-gyp and I need to follow this "I did all that..." section. I have also seen this affect others.

I've added a few simple changes to the steps to guide users in case the xcode-select --install step fails.

+11 -10

0 comment

1 changed file

pr created time in 2 days

push event karlhorky/node-gyp

Karl Horky

commit sha 9a6906e58e4b70cfe45e289dfefa1a54e84eb67b

Add docs for macOS Catalina Software Updates

push time in 2 days

fork karlhorky/node-gyp

Node.js native addon build tool

fork in 2 days

push event karlhorky/next-database-example

Karl Horky

commit sha 083b8e89b980ed624cd7791061b7025d5b0628f3

Fix security vulnerabilities

push time in 2 days

started karlhorky/next-database-example

started time in 2 days

push event karlhorky/express-postgres-api

Karl Horky

commit sha cc530a297168256ff89ec88e7075fed6a2563b93

Update technologies

push time in 2 days

issue comment wycats/handlebars.js

Peer Dependency has Security Vulnerability

If you use Yarn, here's a workaround for now until this is fixed (maybe with #1662):

Add the following resolution to your package.json and run yarn.

  "resolutions": {
    "**/optimist/minimist": "0.2.1"
  }

This will force all versions of optimist to use minimist@0.2.1, regardless of which package is depending on optimist.

ferencbeutel4711

comment created time in 2 days

started obipawan/react-native-hyperlink

started time in 3 days

pull request comment cypress-io/cypress

Upgrade extract-zip to address vulnerability

Thanks for the merge @jennifer-shehane! Will this be released with 4.2.1?

karlhorky

comment created time in 3 days

pull request comment cypress-io/cypress

Upgrade extract-zip to address vulnerability

@khitrenovich thanks, updated!

karlhorky

comment created time in 3 days

push event karlhorky/cypress

Karl Horky

commit sha 92c4defaad56e8a9fab7c903fb34b90fdb697b4b

Update Yarn lockfile

push time in 3 days

push event karlhorky/express-postgres-api

Karl Horky

commit sha 9b27e99695891c222e27c111f682bda948c7d2da

Add resolution to address security vulnerability

push time in 3 days

issue comment npm/rfcs

[FEATURE] Create RFC for Yarn Resolutions

Oh nice, an acceptDependencies field! In which version of npm can I use this?

Does this cover common cases of Yarn Resolutions? For example:

1. I want to upgrade all versions of minimist at any level to version 0.2.1:

{
  "resolutions": {
    "minimist": "0.2.1"
  }
}

It looks like acceptDependencies covers this use case.

2. I want to upgrade minimist to 0.2.1, but only when it's a dependency of mkdirp. In other cases, I want to use version 1.2.5.

{
  "resolutions": {
    "**/mkdirp/minimist": "0.2.1",
    "mkdirp": "1.2.5"
  }
}

I'm not sure whether acceptDependencies would cover this common case.

These are just a couple that I have dealt with a lot. Maybe @arcanis could chime in with other common use cases for Resolutions.


Taking a look at the example of acceptDependencies, it's not immediately clear to me whether anything other than the most simple case is supported:

{
    "name": "my-node4-package",
    "engines": {
        "node": ">=4"
    },
    "dependencies": {
        "make-dir": "^1.3.0"
    },
    "acceptDependencies": {
        "make-dir": "2.x - 3.x"
    }
}
karlhorky

comment created time in 3 days
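As an added example (not code from the page, from Yarn, npm or npm-force-resolutions): a small Node script that applies the reasoning from the handlebars.js and npm/rfcs comments above, checking whether a Yarn-style resolution keeps each dependent inside the version range it declared or forces a major bump. The semver subset, the glob matching and the dependency edges are simplified assumptions constructed for the example, not a real lockfile.

```javascript
// Added example, not code from the page or from Yarn/npm: checks a Yarn-style
// "resolutions" map against the version ranges that dependents declare, and
// flags overrides that leave the declared range or cross a major version
// (the "optimist wants minimist@~0.0.1, resolution forces 1.2.5" case).
// All dependency edges below are constructed sample data, not a real lockfile.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]) };
}

function compareVersions(a, b) {
  for (const part of ["major", "minor", "patch"]) {
    if (a[part] !== b[part]) return a[part] < b[part] ? -1 : 1;
  }
  return 0;
}

// Minimal semver range check (exact, ~, ^, >=, *). This is a deliberately
// small subset written for the example, not the npm "semver" package.
function satisfies(version, range) {
  const v = parseVersion(version);
  const r = range.trim();
  if (r === "*" || r === "") return true;
  if (r.startsWith("~")) {
    const lo = parseVersion(r.slice(1)); // ~x.y.z means >=x.y.z <x.(y+1).0
    return compareVersions(v, lo) >= 0 && v.major === lo.major && v.minor === lo.minor;
  }
  if (r.startsWith("^")) {
    const lo = parseVersion(r.slice(1)); // ^: left-most non-zero part may not change
    if (compareVersions(v, lo) < 0) return false;
    if (lo.major > 0) return v.major === lo.major;
    if (lo.minor > 0) return v.major === 0 && v.minor === lo.minor;
    return v.major === 0 && v.minor === 0 && v.patch === lo.patch;
  }
  if (r.startsWith(">=")) return compareVersions(v, parseVersion(r.slice(2))) >= 0;
  return compareVersions(v, parseVersion(r)) === 0; // bare version: exact match
}

// Does a resolution key such as "minimist" or "**/optimist/minimist" apply to
// the dependency edge parent -> dep? Simplified: only the immediate parent is
// matched; scoped names ("@scope/pkg") and nested globs are not handled.
function resolutionApplies(key, edge) {
  const parts = key.split("/");
  const depName = parts[parts.length - 1];
  if (depName !== edge.dep) return false;
  const parentPart = parts.length >= 2 ? parts[parts.length - 2] : "**";
  return parentPart === "**" || parentPart === edge.parent;
}

// For every edge a resolution touches, classify the forced version as:
//   "ok"            - inside the range the dependent declared
//   "outside-range" - outside that range but same major (may still work)
//   "major-bump"    - crosses a major version: breaking changes are likely
function checkResolutions(edges, resolutions) {
  const findings = [];
  for (const edge of edges) {
    for (const [key, forced] of Object.entries(resolutions)) {
      if (!resolutionApplies(key, edge)) continue;
      let verdict = "ok";
      if (!satisfies(forced, edge.range)) {
        const crossesMajor =
          parseVersion(forced).major !== parseVersion(edge.resolved).major;
        verdict = crossesMajor ? "major-bump" : "outside-range";
      }
      findings.push({ parent: edge.parent, dep: edge.dep, declared: edge.range,
                      lockedTo: edge.resolved, forcedTo: forced, verdict });
    }
  }
  return findings;
}

// Constructed sample edges: "parent declares range on dep, lockfile resolved it to X".
const SAMPLE_EDGES = [
  { parent: "optimist", dep: "minimist", range: "~0.0.1", resolved: "0.0.8" },
  { parent: "mkdirp", dep: "minimist", range: "0.0.8", resolved: "0.0.8" },
  { parent: "some-cli-tool", dep: "minimist", range: "^1.2.0", resolved: "1.2.0" },
];

// Blanket override to 1.2.5 (what a naive "fix everything" resolution does)
// versus a targeted override for the optimist subtree only.
const blanket = checkResolutions(SAMPLE_EDGES, { minimist: "1.2.5" });
const targeted = checkResolutions(SAMPLE_EDGES, { "**/optimist/minimist": "0.2.1" });
console.log(JSON.stringify({ blanket, targeted }, null, 2));
```

The blanket override reports a major bump for both optimist and mkdirp, while the targeted one only leaves optimist's declared range without crossing a major, which is the trade-off the comments above describe.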

issue comment cypress-io/cypress

Replace deprecated dependencies

Addressed this in #6845

jennifer-shehane

comment created time in 3 days

issue comment cypress-io/cypress

Cypress 4.2.0 10 low vulnerabilities concerning upgrade to minimist 1.2.3

Opened #6845 to address the extract-zip update.

Phillipe-Bojorquez

comment created time in 3 days

PR opened cypress-io/cypress

Upgrade extract-zip to address vulnerability

Reference: #6793

User facing changelog

Versions of extract-zip before 1.6.8 depended on a vulnerable version of minimist via mkdirp:

https://github.com/maxogden/extract-zip/pull/85#issuecomment-603563097

Minimist vulnerability: https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764

How has the user experience changed?

Fewer security vulnerabilities.

PR Tasks

  • [ ] Have tests been added/updated?
  • [ ] Has the original issue been tagged with a release in ZenHub?
  • [ ] Has a PR for user-facing changes been opened in cypress-documentation?
  • [ ] Have API changes been updated in the type definitions?
  • [ ] Have new configuration options been added to the cypress.schema.json?
+1 -1

0 comment

1 changed file

pr created time in 3 days

push event karlhorky/cypress

Karl Horky

commit sha e084a5e27039a5c5bbe6c98132e1828316103d16

Upgrade extract-zip to address vulnerability Versions of extract-zip before `1.6.8` depended on a vulnerable version of `minimist` via `mkdirp`: https://github.com/maxogden/extract-zip/pull/85#issuecomment-603563097 Minimist vulnerability: https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764

push time in 3 days

fork karlhorky/cypress

Fast, easy and reliable testing for anything that runs in a browser.

https://www.cypress.io

fork in 3 days

push event karlhorky/react-snap

Karl Horky

commit sha 4417f498ef1ac6f374bd3eedbe775538b98e1167

Update lockfile

push time in 3 days

push event karlhorky/react-snap

Karl Horky

commit sha 9fd580ea289be253c70da31b871608af88361197

Upgrade mkdirp

push time in 3 days

pull request comment prettier/prettier

Always add a space after the `function` keyword

Churn and Major Versions: I think churn caused by a major version is not unacceptable for an opinionated formatting tool. There will always be opinions against and for a specific style, and Prettier needs to try to find some middle ground that is a "pretty" style in the eyes of the majority of the ecosystem.

A Proposal: However, maybe Prettier can make the transition easier for those upgrading to a major version. For example, after upgrading to a Prettier major, let the user know and give them an easy way to upgrade their whole project at once (or change their option, in case there is one).


For example, consider #4102 (the change of quotes to default to single quotes), which may be changed in 3.0.

With some kind of automation or messaging, the users who upgrade to 3.0 would receive a message that this option has changed and a simple way to upgrade their whole project in one step.

Since this case with quotes also has a corresponding option, there would be a separate step for those users who prefer double quotes, which would add the option to the Prettier config.


I would imagine the CLI could handle such a thing with a new command (possibly also with a version field in prettier.config.js):

prettier migrate
j-f1

comment created time in 4 days

issue comment wycats/handlebars.js

Use yargs instead of deprecated optimist in 4.x release

If you use Yarn, here's a workaround for now until this is fixed (maybe with #1662):

Add the following resolution to your package.json and run yarn.

  "resolutions": {
    "**/optimist/minimist": "0.2.1"
  },

This will force all versions of optimist to use minimist@0.2.1, regardless of which package is depending on optimist.

ShintaroOkuda

comment created time in 4 days

push event upleveled/system-setup

Karl Horky

commit sha e6d9ec4fc2fa8e02db62dc11201f3e2b2cdf4db0

Fix indentation

push time in 4 days

push event upleveled/system-setup

Karl Horky

commit sha cb1b5081a4f54fbcd9f3a7facce812276d02e669

Try fixing code blocks

push time in 4 days

push event upleveled/system-setup

Karl Horky

commit sha bbc07005f5723ef48a96d68bcb94497d26806f6c

Try to fix code blocks

push time in 4 days

push event upleveled/md2pdf

Karl Horky

commit sha fbf8192b2e1b78432320c832960c6aef483fa444

Change security fix to not break semver

push time in 4 days

started jitsi/jitsi-meet

started time in 4 days

issue comment isaacs/node-mkdirp

ship a fix for mkdirp@0.5.1 due minimist

Nice, cool that npm audit fix knows which dependents to update to fix security issues further down in the dependency tree - didn't know that it could do that!

To compare, @dependabot can't do that trick yet: https://twitter.com/karlhorky/status/1239183753911701504

juanpicado

comment created time in 5 days

pull request comment phtmlorg/phtml

Fix 11ty abbreviation

No worries, glad to help :)

karlhorky

comment created time in 5 days

push event karlhorky/privacy-shared-cards-clone

Karl Horky

commit sha d25a0372bf0fdb165c7ddf4f2e5ea17fd5f2b277

Add img alt attributes

Karl Horky

commit sha cf437daae63668f7572db69528832228c4c2429f

Add media queries for responsive design

push time in 5 days

issue comment isaacs/node-mkdirp

ship a fix for mkdirp@0.5.1 due minimist

If you use npm, there is a package that makes this easier: npm-force-resolutions

npm will also at some point probably receive full Resolutions support: https://github.com/npm/rfcs/issues/56

juanpicado

comment created time in 5 days

PR opened phtmlorg/phtml

Fix 11ty abbreviation

Thanks for the project! Just a quick PR to fix the 11ty abbreviation.

+1 -1

0 comment

1 changed file

pr created time in 5 days

push event karlhorky/phtml

Karl Horky

commit sha be7de6bc7327b7e25f68700ae2ec17f099c11b92

Fix 11ty abbreviation

push time in 5 days

fork karlhorky/phtml

Transform HTML with JavaScript

https://phtml.io

fork in 5 days

pull request comment maticzav/nookies

Fix import

No worries, thanks for merging!

karlhorky

comment created time in 6 days

pull request comment prettier/prettier

Change default of singleQuote to true

Even though more than a few people and their friends / colleagues supporting double quotes suddenly appeared in this issue to make this into a heated discussion, it seems like given the numbers that they are the vocal minority - which seems to me should not be the reason that Prettier decides to do or not do something.

I still feel that given the research that has been already done, this change to a default single quote would better fit JavaScript and benefit the majority of developers who write it.

Every time a poll has been done, the majority supports this choice.

If the research is required for 3.0 that a larger, more wide reaching and impartial poll or survey of existing code be done (which I believe is overblown for a default on a configurable option), then I'm sure that the numbers would also tell the same story as they have up until now.

karlhorky

comment created time in 6 days

pull request comment prettier/prettier

Change default of singleQuote to true

Only if there is a final decision about changing this default, I guess. Otherwise, what for?

To have a PR that can be easily merged if and when the decision is made to merge (for example, for 3.0).

Even though more than a few people and their friends / colleagues supporting double quotes suddenly appeared in this issue to make this into a heated discussion, it seems like given the numbers that they are the vocal minority - which seems to me should not be the reason that Prettier decides to do or not do something.

I still feel that given the research that has been already done, this change to a default single quote would better fit JavaScript and benefit the majority of developers who write it.

Every time a poll has been done, the majority supports this choice.

If the research is required for 3.0 that a larger, more wide reaching and impartial poll or survey of existing code be done (which I believe is overblown for a default on a configurable option), then I'm sure that the numbers would also tell the same story as they have up until now.

karlhorky

comment created time in 6 days

pull request comment prettier/prettier

Change default of singleQuote to true

@thorn0 @lipis @j-f1 @evilebottnawi Should this be rebased on the 2.0 branch now and a new PR opened?

I think it probably shouldn't just stay closed just because it was accidentally closed...

karlhorky

comment created time in 6 days

delete branch karlhorky/nookies

delete branch : patch-2

delete time in 6 days

pull request comment maticzav/nookies

Fix import

@maticzav yep! I wasn't sure whether #232 would be accepted, so this was separate. Still needs to be fixed.

karlhorky

comment created time in 6 days

push event upleveled/system-setup

Karl Horky

commit sha 9255b1e64a033c81b5f5c11926cc92d08e278c0e

Remove prettier master version

view details

push time in 6 days

PR opened stereobooster/react-snap

Update mkdirp to fix minimist vulnerability

Description

mkdirp has been updated to version 0.5.3

https://github.com/isaacs/node-mkdirp/issues/7#issuecomment-600231795

This addresses this prototype pollution vulnerability in minimist:

https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764

+1 -1

0 comment

1 changed file

pr created time in 6 days

push event karlhorky/react-snap

Karl Horky

commit sha 5aa7b767a8821ef758cf24b5e5584e490a80ecfa

Update mkdirp to fix minimist vulnerability `mkdirp` has been updated to version `0.5.3` https://github.com/isaacs/node-mkdirp/issues/7#issuecomment-600231795 This addresses this prototype pollution vulnerability in `minimist`: https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764

push time in 6 days

fork karlhorky/react-snap

👻 Zero-configuration framework-agnostic static prerendering for SPAs

fork in 6 days

push event karlhorky/privacy-shared-cards-clone

Karl Horky

commit sha c23c92b47226729414104b7419f50cb9ba07a8af

Improve resolution compatibility with semver

push time in 6 days

push event karlhorky/media-query-demo

Karl Horky

commit sha 8fde30757cad7b34d2a617bf6652c7015cd96175

Improve resolution compatibility with semver

push time in 6 days

push event karlhorky/gatsby-serverside-auth0

Karl Horky

commit sha d0b5200043b4b77ace184e76dca47e6036be983e

Improve resolution compatibility with semver

push time in 6 days

issue comment prettier/prettier

Prettier 2.0 – 2.0 2020

Congratulations on the 2.0 release! 🎉

lydell

comment created time in 6 days