M-Zuber / npm-watch

run npm scripts when files change
MIT License
323 stars 38 forks

Upgrade to nodemon ^3 to avoid vulnerability #94

Closed Ericlm closed 4 months ago

Ericlm commented 11 months ago

I have an Ionic project for cross-platform development and it needs Capacitor to run on all those platforms. The issue is that a dependency of Capacitor depends on this repo, which itself uses nodemon < 3 (version 3 removed the vulnerability). It would be great if this repo could upgrade nodemon to remove the vulnerability definitely :)

Running npm audit fix does not fix it, but here is the result of npm why nodemon:

nodemon@2.0.22 dev
node_modules/nodemon
  nodemon@"^2.0.7" from npm-watch@0.9.0
  node_modules/npm-watch
    npm-watch@"^0.9.0" from @trapezedev/project@7.0.10
    node_modules/@trapezedev/project
      @trapezedev/project@"^7.0.10" from @capacitor/assets@3.0.0
      node_modules/@capacitor/assets
        dev @capacitor/assets@"^3.0.0" from the root project

nodemon 3 releases: https://github.com/remy/nodemon/releases
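
Why `npm audit fix` leaves this finding in place, as an added example (not part of the issue and not npm-watch or npm code): it rebuilds the chain from the `npm why nodemon` output and checks whether the caret range declared by nodemon's direct requirer can resolve to a fixed release. The edge list is constructed from that output, `3.0.0` is assumed as the first fixed version based on the issue title, and `caretAdmits` and `explainAuditFix` are hypothetical helper names.

```javascript
// Constructed sample: the chain from the `npm why nodemon` output in the issue,
// written as "who requires whom, with which declared range".
const edges = [
  { from: "root", to: "@capacitor/assets", range: "^3.0.0" },
  { from: "@capacitor/assets", to: "@trapezedev/project", range: "^7.0.10" },
  { from: "@trapezedev/project", to: "npm-watch", range: "^0.9.0" },
  { from: "npm-watch", to: "nodemon", range: "^2.0.7" },
];

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Caret semantics for plain x.y.z versions: >= base and below the next
// increment of the left-most non-zero component (^2.0.7 means >=2.0.7 <3.0.0).
function caretAdmits(range, version) {
  const base = parse(range.replace(/^\^/, ""));
  const first = base.findIndex((n) => n !== 0);
  const idx = first === -1 ? 2 : first;
  const upper = base.map((n, k) => (k < idx ? n : k === idx ? n + 1 : 0));
  const v = parse(version);
  return cmp(v, base) >= 0 && cmp(v, upper) < 0;
}

// Rebuild the path from the root to `pkg` and test whether the range declared
// by its direct requirer can resolve to `fixedVersion`.
function explainAuditFix(edges, pkg, fixedVersion) {
  const chain = [];
  const seen = new Set();
  for (let cur = pkg; cur !== "root"; ) {
    const edge = edges.find((e) => e.to === cur);
    if (!edge || seen.has(cur)) throw new Error(`broken chain at ${cur}`);
    seen.add(cur);
    chain.unshift(`${edge.to}@${edge.range}`);
    cur = edge.from;
  }
  const direct = edges.find((e) => e.to === pkg);
  const fixable = caretAdmits(direct.range, fixedVersion);
  return { chain, fixable, blockedBy: fixable ? null : direct.from };
}

// Assumption: 3.0.0 stands for the first fixed nodemon release ("nodemon ^3").
const report = explainAuditFix(edges, "nodemon", "3.0.0");
console.log(report.chain.join(" > "), "| in-range fix:", report.fixable,
  "| blocked by:", report.blockedBy);
```

With the constructed data the report names npm-watch as the requirer whose `^2.0.7` range excludes 3.0.0, which is why the issue asks npm-watch itself to raise that range.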