Audit vulnerabilities - update dependancies

Netflix / unleash

Professionally publish your JavaScript modules in one keystroke

http://netflix.github.io/unleash/

Apache License 2.0

595 stars 26 forks source link

Audit vulnerabilities - update dependancies #22

Open elayard opened 4 years ago

elayard commented 4 years ago

When run yarn or npm audit theres a number of vulnerabilities concerns raised with unleash's dependancies. Could these updated?

jameswomack commented 4 years ago

@elayard I'm no longer at Netflix but I'm still able to publish to NPM via code in my original repo https://github.com/jameswomack/unleash (https://www.npmjs.com/package/unleash v2.0.2)

Running audit there is not perfect, but significantly improved:

found 4 vulnerabilities (3 low, 1 moderate) in 15189 scanned packages
  2 vulnerabilities require semver-major dependency updates.
  2 vulnerabilities require manual review. See the full report for details.