ahmadawais / create-guten-block

📦 A zero-configuration #0CJS developer toolkit for building WordPress Gutenberg block plugins.
https://Awais.dev/cgb-post
MIT License

found 2 low severity vulnerabilities #291

Open Suzakura opened 3 years ago

Suzakura commented 3 years ago

Bug Report

                       === npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve
          Visit https://go.npm.me/audit-guide for additional guidance

  Low             Denial of Service
  Package         mem
  Patched in      >=4.0.0
  Dependency of   cgb-scripts [dev]
  Path            cgb-scripts > webpack > yargs > os-locale > mem
  More info       https://npmjs.com/advisories/1084

  Low             Prototype Pollution
  Package         yargs-parser
  Patched in      >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
  Dependency of   cgb-scripts [dev]
  Path            cgb-scripts > webpack > yargs > yargs-parser
  More info       https://npmjs.com/advisories/1500

cgb-scripts@1.23.1

I run "npm audit" and it shows 2 low severity vulnerabilities for cgb-scripts.

davidfcarr commented 3 years ago

Worrying about the same issue (not sure how worried I should be).

Running npm audit fix just gives a message saying manual intervention is required, apparently because of dependencies in cgb-scripts.