IBM / container-service-getting-started-wt


Lab 1 Multiple security notices with some high vulnerability #99

Closed dprosper closed 5 years ago

dprosper commented 5 years ago

While running the npm install, multiple vulnerabilities are reported ...

```
 ---> Running in 752473c3231a
npm WARN notice [SECURITY] debug has the following vulnerability: 1 low. Go here for more details: https://www.npmjs.com/advisories?search=debug&version=2.2.0 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm WARN deprecated connect@2.30.2: connect 2.x series is deprecated
npm WARN notice [SECURITY] morgan has the following vulnerability: 1 moderate. Go here for more details: https://www.npmjs.com/advisories?search=morgan&version=1.6.1 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm WARN notice [SECURITY] mime has the following vulnerability: 1 moderate. Go here for more details: https://www.npmjs.com/advisories?search=mime&version=1.3.4 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm WARN notice [SECURITY] base64-url has the following vulnerability: 1 high. Go here for more details: https://www.npmjs.com/advisories?search=base64-url&version=1.2.1 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm WARN notice [SECURITY] negotiator has the following vulnerability: 1 high. Go here for more details: https://www.npmjs.com/advisories?search=negotiator&version=0.5.3 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm WARN notice [SECURITY] fresh has the following vulnerability: 1 high. Go here for more details: https://www.npmjs.com/advisories?search=fresh&version=0.3.0 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN hello-world-demo@0.0.1 No repository field.
npm WARN hello-world-demo@0.0.1 No license field.
```

It looks like the version of Express is locked into an older release. Can the repo be updated to use the latest?
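One way to turn the warnings quoted in this issue into a build gate, as an added example that is not part of the original thread or of the repository: a parser for the `npm WARN notice [SECURITY]` lines that reports which packages meet a severity threshold. The function names, the default threshold and the comma-separated multi-count form are assumptions; the sample lines are abridged from the log above.

```javascript
// Added example (not the repository's code): parse the legacy
// "npm WARN notice [SECURITY]" lines that older npm versions print on install.
const SEVERITY_RANK = { __proto__: null, low: 1, moderate: 2, high: 3, critical: 4 };
// Assumption: several counts on one line are comma-separated ("1 low, 2 high").
const NOTICE_RE = new RegExp(
  "^npm WARN notice \\[SECURITY\\] (\\S+) has the following " +
  "vulnerabilit(?:y|ies): (.+?)\\. Go here for more details: " +
  "\\S*[?&]version=([^\\s&]+)"
);

function parseSecurityNotices(logText) {
  const findings = [];
  for (const line of logText.split(/\r?\n/)) {
    const m = NOTICE_RE.exec(line.trim());
    if (!m) continue; // deprecation and other warnings are not findings
    const counts = {};
    for (const part of m[2].split(/,\s*/)) {
      const c = /^(\d+) (\w+)$/.exec(part.trim());
      if (c && SEVERITY_RANK[c[2]]) counts[c[2]] = Number(c[1]);
    }
    const worst = Object.keys(counts)
      .sort((a, b) => SEVERITY_RANK[b] - SEVERITY_RANK[a])[0] || null;
    findings.push({ name: m[1], version: m[3], counts, worst });
  }
  return findings;
}

// Returns "name@version" for every package at or above the threshold.
function failingPackages(findings, threshold = "high") {
  const min = SEVERITY_RANK[threshold];
  if (!min) throw new Error("unknown severity: " + threshold);
  return findings
    .filter((f) => f.worst && SEVERITY_RANK[f.worst] >= min)
    .map((f) => f.name + "@" + f.version);
}

// Sample input: lines abridged from the log in this issue (tails trimmed).
const ADVISORY_URL = "https://www.npmjs.com/advisories?search=";
const notice = (pkg, sev, ver) =>
  "npm WARN notice [SECURITY] " + pkg + " has the following vulnerability: " +
  sev + ". Go here for more details: " + ADVISORY_URL + pkg + "&version=" + ver;
const SAMPLE_LOG = [
  notice("debug", "1 low", "2.2.0"),
  "npm WARN deprecated connect@2.30.2: connect 2.x series is deprecated",
  notice("morgan", "1 moderate", "1.6.1"),
  notice("base64-url", "1 high", "1.2.1"),
  notice("negotiator", "1 high", "0.5.3"),
].join("\n");
console.log(failingPackages(parseSecurityNotices(SAMPLE_LOG)));
```

In a CI step, a non-empty result from `failingPackages` would be the signal to fail the image build until the dependency is upgraded.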

jgarcows commented 5 years ago

Fixed.