OptimalBits / node_acl

Access control lists for node applications
2.62k stars 369 forks

NPM found 1 high severity vulnerability (mongodb must be >=3.1.13) #283

Open flaforgue opened 4 years ago

flaforgue commented 4 years ago

Hello,

First of all, thanks for your package, which seems to be amazing! I look forward to trying it, but I would like to warn you about this point: after the installation, NPM audit returns 1 high severity vulnerability. Here is the exact output:

                       === npm audit security report ===                        

                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             

          Visit https://go.npm.me/audit-guide for additional guidance           

  High            Denial of Service                                             

  Package         mongodb                                                       

  Patched in      >=3.1.13                                                      

  Dependency of   acl                                                           

  Path            acl > mongodb                                                 

  More info       https://nodesecurity.io/advisories/1203                       

found 1 high severity vulnerability in 879816 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Do you think it would be a hard dependency to update?

Have a nice day.

eran10 commented 4 years ago

+1

abitofcode commented 4 years ago

+1

josencv commented 4 years ago

+1

koresar commented 3 years ago

Fixed in my fork acl2. More info here: https://github.com/OptimalBits/node_acl/issues/285#issuecomment-688599945