We found a potential security vulnerability in one of your dependencies.
A dependency defined in package-lock.json has known security vulnerabilities and should be updated.
Only users who have been granted access to vulnerability alerts for this repository can see this message.
These dependencies are defined in atlassian-connect-express’s manifest files, such as package-lock.json and package.json.
Dependencies defined in package-lock.json 241
tj / node-growl growl
This upgrades mocha to a version that uses growl >= 1.10.0
This upgrades jshint to a version that has only a low vulnerability
via lodash (nothing high or critical)
NOTE: atlassian-connect-express upstream (https://bitbucket.org/atlassian/atlassian-connect-express/)
has completely eliminated its dependency on jugglingdb but until
migration to PostgreSQL is completed we have to stick with it hence the
custom fork to address outstanding vulnerabilities. This is because
sequelize does not support mongodb which is what jugglingdb was replaced
with.