fix available via `npm audit fix`
node_modules/istanbul-api/node_modules/async
nanoid 3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid
mocha 8.2.0 - 9.1.4
Depends on vulnerable versions of nanoid
node_modules/mocha
3 vulnerabilities (2 moderate, 1 high)
As far as I know they all are related to dev-dependencies; so they are not the most important things in the world. On the other hand, it's probably good practice to just upgrade them.
Priority
Not really.
What Changed & Why
I simply ran
npm audit fix
npm was warning me about these vulnerabilities:
As far as I know they all are related to dev-dependencies; so they are not the most important things in the world. On the other hand, it's probably good practice to just upgrade them.