dtabuenc / karma-html-reporter

Karma Html Reporter Plugin
MIT License

Update dependencies to fix npm audit warnings #41

Closed MethodGrab closed 5 years ago

MethodGrab commented 5 years ago

When including karma-html-reporter as a dependency in a project, a warning is shown any time npm audit is run. This PR updates the dependencies so the warning is no longer displayed.

$ npm audit

                       === npm audit security report ===                        

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ karma-html-reporter [dev]                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ karma-html-reporter > lodash                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 12000 scanned packages
  1 vulnerability requires manual review. See the full report for details.
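
Added example, not part of the PR or the project's code: one way to list the dependency paths that pull in a lodash older than the "Patched in" bound from the report above. The function names, the tree shape (modelled on the nested `dependencies` object of a lockfileVersion 1 package-lock.json) and the sample versions are assumptions constructed for illustration.

```javascript
// Minimum patched version, taken from the audit report ("Patched in >=4.17.5").
const PATCHED = '4.17.5';

// Compare two plain x.y.z versions numerically; returns <0, 0 or >0.
// Numeric comparison matters: as strings, '4.17.11' sorts before '4.17.5'.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk a lockfile-style tree and return every "a > b > pkg" path whose
// installed version of `pkg` is below `patched`.
function findUnpatched(tree, pkg, patched, trail = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = [...trail, name];
    if (name === pkg && compareVersions(node.version, patched) < 0) {
      hits.push({ path: path.join(' > '), version: node.version });
    }
    // Recurse into nested installs to catch transitive copies.
    hits.push(...findUnpatched(node, pkg, patched, path));
  }
  return hits;
}

// Constructed sample tree: version numbers are illustrative, not from the PR.
const sampleTree = {
  dependencies: {
    'karma-html-reporter': {
      version: '0.0.0-example',
      dependencies: { lodash: { version: '3.10.1' } },
    },
    lodash: { version: '4.17.11' }, // top-level copy, already patched
  },
};

console.log(findUnpatched(sampleTree, 'lodash', PATCHED));
```
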

pranavbhargava commented 5 years ago

Can we please have this approved and merged?

buenjybar commented 5 years ago

Will be great to have an update on this @dtabuenc

buenjybar commented 5 years ago

@pranavbhargava can we get a new release version?