-
### What happened?
Due to https://github.com/advisories/GHSA-pxg6-pf52-xh8x currently Jitsi cannot be installed from source.
```
cookie =3.0.0-alpha1
Depends on vulnerable versions of cooki…
```
-
During the implementation of #411, in order to follow the established convention in other ESM conversions, I introduced the `npm audit signature` command into the CI process, but I get below error occurs w…
-
### Self-service
- [ ] I'd be willing to implement a fix
### Describe the bug
When I try to scan my Yarn projects with `yarn npm audit --all --recursive`, then it silently ignores certificate setti…
-
```
# npm audit report
micromatch
```
-
I'd like to use eshost for testing one of my projects, but I'm a little worried about the npm audit report:
```
# npm audit report
cookie =1.8.0
Depends on vulnerable versions of cookie
Depends…
```
-
From `npm audit`:
```
path-to-regexp 7.0.0 - 7.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
fix available …
```
-
6 moderate vulnerabilities exist in the current state of the package.
I was able to go down to 4 moderates by adding 2 overrides in my package.json:
`"overrides": {
"semver": "^6.3.1",
"…
-
The latest version of sails has a variety of issues listed under NPM audit.
* There are 4 deprecation warnings, 1 of which references a memory leak issue.
* There are 7 vulnerabilities listed, 2 b…
-
`trivy` security scanner reports vulnerable dependencies in Shaarli's `yarn.lock`
https://github.com/shaarli/Shaarli/actions/runs/7077779999/job/19262500733
```
yarn.lock (yarn)
==============…
```
-
There are a number of deprecated packages used in the project that should be fixed to increase the application's stability.
Here is the output of the command `npm install --legacy-…