Up to date dependencies don't cause audit issues which can break CI/CD builds.
Actual Behaviour
npm audit fails:
engine.io <4.0.0
Severity: high
Resource exhaustion in engine.io - https://github.com/advisories/GHSA-j4f2-536g-r55m
No fix available
node_modules/engine.io
socket.io 1.0.0-pre - 2.4.1
Depends on vulnerable versions of engine.io
node_modules/socket.io
browser-sync >=1.0.0
Depends on vulnerable versions of socket.io
node_modules/browser-sync
@adobe/aem-site-theme-builder *
Depends on vulnerable versions of browser-sync
Depends on vulnerable versions of shelljs
node_modules/@adobe/aem-site-theme-builder
shelljs <0.8.5
Severity: high
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-4rq4-32rv-6wp6
No fix available
node_modules/shelljs
@adobe/aem-site-theme-builder *
Depends on vulnerable versions of browser-sync
Depends on vulnerable versions of shelljs
node_modules/@adobe/aem-site-theme-builder
Expected Behaviour
Up to date dependencies don't cause audit issues which can break CI/CD builds.
Actual Behaviour
npm audit
fails:Reproduce Scenario (including but not limited to)
Run
npm audit
from theme folderSteps to Reproduce
Platform and Version
Sample Code that illustrates the problem
Logs taken while reproducing problem