NinesStack / sidecar

Gossip-based service discovery. Docker native, but supports non-container discovery, too.
MIT License

Vulnerabilities in ui/package.json #67

Closed JustusNBB closed 2 years ago

JustusNBB commented 2 years ago

sidecar/ui> npm audit
[...]
51 vulnerabilities (4 low, 19 moderate, 21 high, 7 critical)

There is no lockfile!

@relistan you mentioned the project is maintained here https://github.com/newrelic/sidecar/issues/54#issuecomment-1190151585, so I would expect it not to have critical vulnerabilities, even if those are probably just exposed at build time!

relistan commented 2 years ago

Feel free to submit a PR @JustusNBB

JustusNBB commented 2 years ago

I will, as soon as I have an overview and we decide to use this SideCar :)

relistan commented 2 years ago

I don't plan to track this issue, so feel free to just open the PR (with this fix) when you get there. Closing.