99x / serverless-dynamodb-local

Serverless DynamoDB Local Plugin - Allows you to run DynamoDB locally for Serverless
MIT License

Security issue in node.extend dependency #211

Open HHK1 opened 5 years ago

HHK1 commented 5 years ago

npm audit is issuing a warning about a vulnerability inside node.extend, which is a dependency of dynamodb-localhost. I see there is an issue opened there: https://github.com/99xt/dynamodb-localhost/issues/38 Just a reminder to update this package too once dynamodb-localhost is updated. 😄


                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ node.extend                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.1.7 <2.0.0 || >= 2.0.1                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ serverless-dynamodb-local [dev]                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ serverless-dynamodb-local > dynamodb-localhost > rmdir >     │
│               │ node.flow > node.extend                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/781                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 3906 scanned packages
  1 vulnerability requires manual review. See the full report for details.
dsmileyephe commented 5 years ago

ran into this today