Vulnerable dependencies

Question

Vulnerable dependencies

leandro-lucarella-sociomantic opened this issue 6 years ago · 21 comments

leandro-lucarella-sociomantic commented 6 years ago

See https://github.com/sociomantic-tsunami/flounder/network/alerts

Please update.

mousemke commented 6 years ago

confirmed

mousemke commented 6 years ago

renamed

mousemke commented 6 years ago

removed

Answer 1 · 2019-02-13T18:15:25.000Z

It looks like this project is abandoned. Shall we archive it to make that clear for the general public?

Answer 2 · 2019-02-13T18:27:56.000Z

i have:

a git fork
the keys to the npm repo
the keys to the slack community

so it does not bother me one way or another whether the Soc side of things stays active (Though i've enjoy working with ~~Soc~~ DH, it does appear abandoned from that side)

as we use it in some areas in Zalando i will continue to maintain and (occasionally) update my branch

Answer 3 · 2019-02-13T18:59:22.000Z

If we don't use it internally, I would also be open to transfer the repo to another organization if you plan to keep maintaining it.

Answer 4 · 2019-02-14T08:59:07.000Z

@leandro-lucarella-sociomantic we are still using an old version of flounder in some parts of the UI, but eventually it will be removed, and yes, the development/maintenance from our side is abandoned.

Answer 5 · 2019-02-14T13:57:42.000Z

@damian-rodriguez-sociomantic so a transfer/archival should be OK as long as:

the old versions are still provided by the new maintainer if we transfer it
the old versions can be still checked out via git if we archive it

Right?

Answer 6 · 2019-02-14T14:52:55.000Z

@leandro-lucarella-sociomantic yes, it should be fine

Answer 7 · 2019-02-14T15:59:34.000Z

@mousemke can you confirm if you are interested in getting this repo transferred to you/Zalando? If you are then I need to find out if I can actually do it (at the Dunnhumby side). Otherwise we will archive it.

Answer 8 · 2019-04-09T13:21:57.000Z

We will move forward with the transfer, and then we fork it from you in our org to make sure we can access the code as long as we need. @mousemke should we transfer to https://github.com/zalando or to https://github.com/mousemke?

Answer 9 · 2019-04-09T13:22:59.000Z

mousemke. thanks!

Answer 10 · 2019-04-09T13:29:14.000Z

You should ~~rename~~ remove your fork then:

The target account must not have a repository with the same name, or a fork in the same network.

https://help.github.com/en/articles/transferring-a-repository

All users of this repo should also read that whole guide, as they should update their git URLs in their clones for example.

Answer 11 · 2019-04-09T13:31:29.000Z

If you are uncomfortable with that we could also just add a note to the README saying the project moved and archive this one.

Answer 12 · 2019-04-09T13:33:55.000Z

ah. saw the edit. one sec

Answer 13 · 2019-04-09T13:38:19.000Z

You can only transfer a repository from an organization to yourself at this time

Really, GitHub? 🙄

Answer 14 · 2019-04-09T13:39:38.000Z

Is not even mentioned in the guide, so I wonder if it is a temporary limitation or an undocumented limitation. I could try asking to GH support, I'll try.

Answer 15 · 2019-04-09T13:46:37.000Z

lol it's always something

Answer 16 · 2019-04-11T16:23:21.000Z

OK, GitHub never got back to me so I went through the triangle. You should get a transfer request from my user.

Answer 17 · 2019-04-11T16:29:03.000Z

OK, just for the records, transfer done. This issue is now on your hands @mousemke :)

Answer 18 · 2019-04-11T16:29:52.000Z

🥳 - 🐭 On April 11, 2019 at 16:29 GMT, Leandro Lucarella <notifications@github.com> wrote: OK, just for the records, transfer done. This issue is now on your hands [@mousemke](https://github.com/mousemke) :) — You are receiving this because you were mentioned. Reply to this email directly, [view it on GitHub](#217 (comment)), or [mute the thread](https://github.com/notifications/unsubscribe-auth/ABaV6Cwp4q2LBJT-MdSTM_-jLU0I8r8Gks5vf2LPgaJpZM4a5-yy).