dev-dependency coveralls has known vulnerabilities.
npm install --dev coveralls@2.11.2
npm WARN install Usage of the `--dev` option is deprecated. Use `--only=dev` instead.
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
+ coveralls@2.11.2
added 12 packages from 19 contributors, removed 31 packages and updated 19 packages in 6.272s
[!] 8 vulnerabilities found [2245 packages audited]
Severity: 8 Moderate
Run `npm audit` for more detail
I would like to bump it to npm install --dev coveralls@3.0.1.
However, there is one test failing at this moment (see details below) (with or without dependency update).
I would think the test needs to be fixed before moving on. Is it OK to fix the test and bump coveralls in the same PR? Thanks so much for your feedback.
The test might be failing only on windows due to newline dependency. I will test on my Linux when I'll get back home.
Hi
dev-dependency
coveralls
has known vulnerabilities.I would like to bump it to
npm install --dev coveralls@3.0.1
.However, there is one test failing at this moment (see details below) (with or without dependency update).
I would think the test needs to be fixed before moving on. Is it OK to fix the test and bump
coveralls
in the same PR? Thanks so much for your feedback.The test might be failing only on windows due to newline dependency. I will test on my Linux when I'll get back home.