Bump RetireJS to 2.X
Problem to solve
RetireJS is now at 2.X. We should update our analyzer.
Target audience
Developer, various Security roles.
Further details
2.x
output:
{
  "version": "2.0.2",
  "start": "2018-12-17T15:55:52.351Z",
  "data": [
    {
      "file": "node_modules/ansi2html/package.json",
      "results": [
        {
          "component": "ansi2html",
          "version": "0.0.1",
          "vulnerabilities": [
            {
              "info": ["https://nodesecurity.io/advisories/51"],
              "below": "100",
              "severity": "high"
            }
          ]
        }
      ]
    }
  ],
  "messages": [],
  "errors": [],
  "time": 0.073
}
1.x
output:
[
  {
    "results": [
      {
        "component": "ansi2html",
        "version": "0.0.1",
        "parent": { "component": "sast-test-npm", "version": "1.0.0" },
        "level": 1,
        "vulnerabilities": [
          {
            "info": ["https://nodesecurity.io/advisories/51"],
            "severity": "high"
          }
        ]
      }
    ]
  }
]
Proposal
Bump RetireJS to 2.X and adapt our analyzer to the new output.
What does success look like, and how can we measure that?
Links / references
Edited by Olivier Gonzalez
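The adaptation the proposal calls for, sketched as an added example (not the analyzer's own code): a JavaScript function that accepts either report shape shown above and returns one flat list of findings. The finding shape and the function and constant names are assumptions; the sample inputs are constructed from the two outputs in this issue.

```javascript
// Added example, not the analyzer's code. Report fields come from the two
// sample outputs in this issue; the finding shape and names are hypothetical.
function normalizeRetireOutput(report) {
  let entries, scannerVersion = null;
  if (Array.isArray(report)) {
    entries = report; // 1.x: bare array of entries
  } else if (report && Array.isArray(report.data)) {
    entries = report.data; // 2.x: entries under "data", plus run metadata
    scannerVersion = report.version || null;
    // Design choice: fail closed so a broken scan is not read as "no findings".
    if (Array.isArray(report.errors) && report.errors.length > 0) {
      throw new Error("retire reported errors: " + JSON.stringify(report.errors));
    }
  } else {
    throw new Error("unrecognized RetireJS report format");
  }
  const findings = [];
  for (const entry of entries) {
    for (const result of entry.results || []) {
      for (const vuln of result.vulnerabilities || []) {
        findings.push({
          scannerVersion,
          file: entry.file || null, // present in the 2.x sample only
          component: result.component,
          version: result.version,
          parent: result.parent ? result.parent.component : null, // 1.x sample only
          severity: vuln.severity || "unknown",
          below: vuln.below || null, // present in the 2.x sample only
          info: vuln.info || [],
        });
      }
    }
  }
  return findings;
}

// Constructed inputs, trimmed from the two outputs shown in this issue.
const VULN = { info: ["https://nodesecurity.io/advisories/51"], severity: "high" };
const SAMPLE_V2 = {
  version: "2.0.2",
  data: [{
    file: "node_modules/ansi2html/package.json",
    results: [{ component: "ansi2html", version: "0.0.1",
      vulnerabilities: [{ ...VULN, below: "100" }] }],
  }],
  messages: [], errors: [],
};
const SAMPLE_V1 = [{ results: [{ component: "ansi2html", version: "0.0.1", level: 1,
  parent: { component: "sast-test-npm", version: "1.0.0" }, vulnerabilities: [VULN] }] }];
```

Calling `normalizeRetireOutput(SAMPLE_V2)` and `normalizeRetireOutput(SAMPLE_V1)` each yields one finding for `ansi2html`; the fields that exist in only one format (`file`, `below`, `parent`) come back as `null` for the other.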