AnomalyInnovations / serverless-bundle

Optimized packages for ES6 and TypeScript Node.js Lambda functions without any configuration.
https://serverless-stack.com/chapters/package-lambdas-with-serverless-bundle.html
MIT License
531 stars 155 forks

High vulnerabilities in dependencies #62

Open mladenstojanovic opened 4 years ago

mladenstojanovic commented 4 years ago

Running npm audit with this package installed shows high vulnerabilities with the handlebars package (serverless-bundle > jest > jest-cli > @jest/core > @jest/reporters > istanbul-reports > handlebars). Also, serialize-javascript shows a moderate vulnerability (serverless-bundle > webpack > terser-webpack-plugin > serialize-javascript).

jayair commented 4 years ago

Yup, we'll fix these in the next minor update.

arpadrozsa commented 3 years ago

@jayair Currently serialize-javascript has a high vulnerability in serverless-bundle > copy-webpack-plugin > serialize-javascript. Can you update the copy-webpack-plugin to eliminate the vulnerability?

jayair commented 3 years ago

Got it. Here's the update:

https://github.com/AnomalyInnovations/serverless-bundle/releases/tag/v3.0.1