Closed DonBrinn closed 4 years ago
>npm audit === npm audit security report === # Run npm update eslint-utils --depth 2 to resolve 1 vulnerability Critical Arbitrary Code Execution Package eslint-utils Dependency of eslint [dev] Path eslint > eslint-utils More info https://npmjs.com/advisories/1118 # Run npm update acorn --depth 3 to resolve 1 vulnerability Moderate Regular Expression Denial of Service Package acorn Dependency of eslint [dev] Path eslint > espree > acorn More info https://npmjs.com/advisories/1488 found 2 vulnerabilities (1 moderate, 1 critical) in 574 scanned packages run `npm audit fix` to fix 2 of them.
This seems to be caused by just an out-of-date package-lock.json, and not actually requiring any updated dependency versions in package.json.