Botium-core has since lost its dependency on vm2, which is currently showing as a 'critical' vulnerability in npm audit (and therefore dependabot in our repository at work). This is a minimal change to deal with that alert.
I've verified that this project appears to still run successfully in the sample project:
And npm run build is fine:
Let me know if there's anything else I can do. There are other dependencies which could be updated, but I've kept this minimal to focus on the security issue (even though realistically most botium use cases won't be public-facing).
CharlesEkkel
commented
4 months ago
Fix for issue #129.
Botium-core has since lost its dependency on
vm2, which is currently showing as a 'critical' vulnerability in npm audit (and therefore dependabot in our repository at work). This is a minimal change to deal with that alert.I've verified that this project appears to still run successfully in the sample project:
And
npm run buildis fine:Let me know if there's anything else I can do. There are other dependencies which could be updated, but I've kept this minimal to focus on the security issue (even though realistically most botium use cases won't be public-facing).