binyamin / eleventy-garden

:seedling: A starter site for building a mind garden with eleventy
https://eleventy-garden.netlify.app
MIT License
450 stars 48 forks

Is download broken? #44

Closed erwinlauener closed 3 years ago

erwinlauener commented 3 years ago

Hi

I am very interested in installing eleventy garden. Neither installing the zip container-files nor the git clone works. This is what npm audit returns:

Thank you for installing EJS: built with the Jake JavaScript build tool (https://jakejs.com/)

added 415 packages from 398 contributors and audited 415 packages in 8.819s

11 packages are looking for funding run npm fund for details

found 1 high severity vulnerability

                   === npm audit security report ===                        

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Server-Side Request Forgery                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ axios                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.21.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @11ty/eleventy [dev]                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @11ty/eleventy > browser-sync > localtunnel > axios          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1594                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 415 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Any suggestions? Thanks a lot. erwin

binyamin commented 3 years ago

@erwinlauener Thanks for checking in. You can just ignore this.

The reason for the error is that eleventy has a deep dependency (axios) which is outdated, and that old version has a security issue. As far as I know, we need to wait until the dependency which required axios (localtunnel) updates its own dependencies. See localtunnel/localtunnel#377
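The triage behind this kind of finding, as an added example that is not part of the thread or the project's code: it walks an audit report and shows, per vulnerable path, which package the fix is blocked on and whether only devDependencies are affected. The JSON layout (assumed to match npm 6's `npm audit --json`), the sample data and the `triageAudit` helper are constructed for illustration.

```javascript
// Constructed sample: the advisory from the report in this issue, in the layout
// npm 6's `npm audit --json` is assumed to use (advisories -> findings -> paths).
const sampleReport = {
  advisories: {
    1594: {
      module_name: "axios",
      severity: "high",
      title: "Server-Side Request Forgery",
      patched_versions: ">=0.21.1",
      findings: [
        { dev: true, paths: ["@11ty/eleventy>browser-sync>localtunnel>axios"] },
      ],
    },
  },
};

// Hypothetical helper: one row per dependency path that pulls in a vulnerable package.
function triageAudit(report) {
  const rows = [];
  for (const [id, adv] of Object.entries(report.advisories || {})) {
    for (const finding of adv.findings || []) {
      for (const path of finding.paths || []) {
        const chain = path.split(">").map((s) => s.trim());
        const direct = chain.length === 1;
        rows.push({
          advisory: Number(id),
          package: adv.module_name,
          severity: adv.severity,
          patchedIn: adv.patched_versions,
          topLevel: chain[0],
          // Direct dependency: fix it in your own package.json.
          // Transitive: the immediate parent has to accept the patched range first.
          blockedOn: direct ? null : chain[chain.length - 2],
          depth: chain.length - 1,
          devOnly: finding.dev === true,
        });
      }
    }
  }
  return rows;
}

for (const r of triageAudit(sampleReport)) {
  const where = r.devOnly ? "dev-only" : "production";
  const action = r.blockedOn ? `waits on ${r.blockedOn}` : "update directly";
  console.log(`${r.severity} #${r.advisory} ${r.package} (${where}, depth ${r.depth}): ${action}`);
}
```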

erwinlauener commented 3 years ago

Many thanks for your quick answer. I’ll give it a new try soon.

erwinlauener

On 05.01.2021 at 19:27, Binyamin Aron Green notifications@github.com wrote:

 @erwinlauener Thanks for checking in. You can just ignore this.

The reason for the error is that eleventy has a deep dependency (axios) which is outdated, and that old version has a security issue. As far as I know, we need to wait until the dependency which required axios (localtunnel) updates its own dependencies. See localtunnel/localtunnel#377


binyamin commented 3 years ago

@erwinlauener should be totally fixed now.