-
On my last npm upgrade I ended up with 2 vulnerabilities, that won't fix, no matter what.
As it turns out lpad-align insists on pulling in meow@3.7.0
please update, thx
-
```
[terablitz@tb mr_creator]$ sudo npm i -g mediumroast_js
[sudo] password for terablitz:
Sorry, try again.
[sudo] password for terablitz:
added 249 packages, and audited 250 packages in 8s
…
-
It seems the request package has a flaw that npm audit picks up.
https://github.com/advisories/GHSA-p8p7-x288-28g6
As request is deprecated and no longer supported are there any plans to replace i…
-
Hey @isaacs. Trying to use package. But I'm not quite sure if I'm using it correctly 😀 . when trying to pass the contents of package-lock.json to `opts.body` like this...
```js
const json = awa…
-
audit相关接口在70秒之后才会失败返回,并提示501 NOT_IMPLEMENTED
如果没有实现相关接口的计划,请快速返回失败。
```
npm http fetch POST 501 https://registry.npmmirror.com/-/npm/v1/security/advisories/bulk 71485ms attempt #3 (cache skip)
…
-
```
=== npm audit security report ===
# Run npm install winston-daily-rotate-file@4.7.1 to re…
-
Running `npm audit fix` should be all that's necessary.
-
I have the following workflow config:
```yaml
name: Semantic Release
on:
push:
branches: [main]
jobs:
release:
name: Release version
permissions:
…
-
npm audit
# npm audit report
axios 1.0.0 - 1.7.3
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Server-Side Request Forgery i…
-
### Details of Audit
On 17th August 2020, there was been a security issue that was raised with `url-regex`. Details are as follows:
```
High Regular Expression Denial of Service …