Redocly / developer-portal-starter

Starter template for the Redocly developer portal
https://redoc.ly
Other
64 stars 102 forks

Security issues in packages #94

Open AX-LLaidley opened 3 years ago

AX-LLaidley commented 3 years ago

There are many security issues in the dependencies of @redocly/developer-portal@1.0.0-beta.143 that I can't seem to fix using Yarn or NPM due to those tools being unable to resolve the dependency tree. Yarn reports 52 overall vulnerabilities, with 15 being deemed high risk. NPM reports 86 vulnerabilities (61 moderate, 25 high).

Any chance we can get the dependencies brought up to date to help resolve these issues? Thanks in advance.

eresolve-report692021.txt

RomanHotsiy commented 3 years ago

Hi @AX-LLaidley,

Thanks for your report. Could you please specify the versions of npm and yarn you use?

Thanks!

AX-LLaidley commented 3 years ago

Hi @RomanHotsiy,

I'm using npm 7.15.1 and yarn 1.22.10. I only tried using npm to see if I could use npm audit fix to update the packages. But it's having problems resolving dependencies now, which is most likely due to me trying to update packages manually and it not working correctly.