I just got around to making a pull request but was beaten to the punch by @leonklingele.

In the process of forking, cloning, NPM installing, and starting to work, I noticed the following from `npm audit`:

```
found 321 vulnerabilities (3 low, 2 moderate, 314 high, 2 critical) in 11672 scanned packages
  run `npm audit fix` to fix 318 of them.
  3 vulnerabilities require manual review. See the full report for details.
```

Running `npm audit fix` updates `jsdoc` from `^3.4.3` to `^3.6.3` and resolves 318 of the issues.

The remaining 3 issues are all "low" severity and all derive from the `braces` sub-dependency (used by both `qunitjs` and `rollup-watch`). Since they're both pulling in `braces` from `micromatch`, it may make more sense for `micromatch` to update those? I'm not entirely sure what the process is when a sub-dependency has a security issue like that.
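
To see which direct dependencies pull a flagged package such as `braces` into the tree, the lockfile can be walked from the root. This is an added example, not part of the original issue or the project's code; the lockfile content is constructed (placeholder versions, assumed edges) and the function names are hypothetical.

```javascript
// Constructed sample in the package-lock.json "packages" layout (lockfileVersion 2/3).
// Versions are placeholders and the dependency edges are assumed for illustration.
const sampleLock = { packages: {
  "": { devDependencies: { jsdoc: "*", qunitjs: "*", "rollup-watch": "*" } },
  "node_modules/jsdoc": { version: "0.0.0-example" },
  "node_modules/qunitjs": { version: "0.0.0-example", dependencies: { micromatch: "*" } },
  "node_modules/rollup-watch": { version: "0.0.0-example", dependencies: { micromatch: "*" } },
  "node_modules/micromatch": { version: "0.0.0-example", dependencies: { braces: "*" } },
  "node_modules/braces": { version: "0.0.0-example" },
} };

// Resolve `name` as Node would from the package installed at `fromPath`:
// nearest node_modules first, then each ancestor directory up to the root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every chain of package names leading from the root project to `target`.
function findPaths(lock, target) {
  const packages = lock.packages;
  const results = [];
  const walk = (path, chain, seen) => {
    const node = packages[path];
    const deps = { ...node.dependencies, ...node.optionalDependencies,
                   ...(path === "" ? node.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next || seen.has(next)) continue; // uninstalled optional dep or a cycle
      const nextChain = [...chain, name];
      if (name === target) results.push(nextChain.join(" > "));
      else walk(next, nextChain, new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return results;
}

// Direct dependencies whose subtree contains the flagged package.
function directCulprits(lock, target) {
  return [...new Set(findPaths(lock, target).map((p) => p.split(" > ")[0]))];
}
console.log(findPaths(sampleLock, "braces"));
```

Every chain that passes through the same intermediate package points at that package as the place where a version bump would clear the advisory for all consumers at once.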