EddyVerbruggen / nativescript-localize

Internationalization plugin for NativeScript using native capabilities of each platform
MIT License

GitHub reported vulnerabilities? #76

Closed MopheusDG closed 5 years ago

MopheusDG commented 5 years ago

Hi @EddyVerbruggen, nice to see this plugin will stay alive. Just one question: when the repo was on @lfabreges, he said that GitHub has reported some vulnerabilities in certain dependencies. Do you know what that was about?

Thanks.

EddyVerbruggen commented 5 years ago

Hi, GitHub reports any security-related issues it finds in package-lock.json and will report that privately to the repo owner.

The offending dependencies have now been updated to newer versions, meaning those high and critical security issues are now gone.

Oh, btw, those issues were only part of the 'dev dependencies' section, so AFAIK those are not bundled with the npm package anyway.
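
The dev-versus-runtime distinction raised in the reply above can be checked directly against a lockfile, since npm marks dev-only entries with `"dev": true`. The following is an added example, not part of the original thread or the plugin's code; the lockfile contents, the package names, and the function names `listLockedPackages` and `triageAlerts` are constructed for illustration.

```javascript
// Collect every installed package from a parsed package-lock.json with its "dev"
// flag: lockfileVersion 1 (nested "dependencies") or 2/3 ("packages" by path).
function listLockedPackages(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf('node_modules/');
      if (idx === -1) continue; // root project or workspace entry
      const name = path.slice(idx + 'node_modules/'.length);
      found.push({ name, dev: meta.dev === true });
    }
    return found;
  }
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      found.push({ name, dev: meta.dev === true });
      walk(meta.dependencies);
    }
  };
  walk(lock.dependencies);
  return found;
}
// A flagged package counts as dev-only only if every installed copy is
// marked dev; one non-dev copy means consumers of the package can get it.
function triageAlerts(lock, flaggedNames) {
  const result = { runtime: [], devOnly: [], notInLockfile: [] };
  const pkgs = listLockedPackages(lock);
  for (const name of flaggedNames) {
    const hits = pkgs.filter((p) => p.name === name);
    if (hits.length === 0) result.notInLockfile.push(name);
    else if (hits.every((p) => p.dev)) result.devOnly.push(name);
    else result.runtime.push(name);
  }
  return result;
}
// Constructed sample lockfile (v3 layout); all names are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'constructed-plugin', version: '1.0.0' },
    'node_modules/example-runtime-lib': { version: '1.0.0' },
    'node_modules/example-runtime-lib/node_modules/example-shared': { version: '0.1.0' },
    'node_modules/example-build-tool': { version: '2.0.0', dev: true },
    'node_modules/example-parser': { version: '0.3.0', dev: true },
    'node_modules/example-shared': { version: '0.2.0', dev: true },
  },
};
console.log(triageAlerts(sampleLock, ['example-parser', 'example-shared', 'example-missing']));
```

Note that `example-shared` lands in `runtime` even though its top-level copy is dev-only, because a second copy is nested under a runtime dependency.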