search

agutoli / serverless-layers

Serverless.js plugin implementing AWS Lambda Layers, reducing lambda size, warm-up, and deployment time.
MIT License
229 stars 54 forks source link

Remove "copy" library from package.json #90

Closed mgce closed 2 years ago

mgce commented 2 years ago

Running the following command npm audit --audit-level=moderate --production against this repository returns the following audit report:

 === npm audit security report ===                        

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ copy                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ copy > glob-parent                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ copy                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ copy > to-file > glob-parent                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 high severity vulnerabilities in 148 scanned packages
  2 vulnerabilities require manual review. See the full report for details.

As I checked in the codebase this library is no longer in use, so it can be safely removed from package.json

agutoli commented 2 years ago

LGTM! I do appreciate your help @mgce ! PR's very welcome!