search

facebook / docusaurus

Easy to maintain open source documentation websites.
https://docusaurus.io
MIT License
55.83k stars 8.37k forks source link

Vulnerabilities #932

Closed itsezc closed 6 years ago

itsezc commented 6 years ago

🐛 Bug Report

NPM reports vulnerabilities upon installing Docusaurus, on Node v10.6.0 MacOS High Sierra

Have you read the Contributing Guidelines on issues?

Yes

To Reproduce

  1. npm install docusaurus -D

Expected behavior

Install Docusaurus without issues

Actual Behavior

NPM reports there are 7 new vulnerabilities

as well as the following

npm WARN deprecated browserslist@1.7.7: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools. npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5 npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)

Upon running 'npm audit'

screen shot 2018-08-30 at 18 31 54 screen shot 2018-08-30 at 18 32 09

Reproducible Demo

None, just install Docusaurus

endiliey commented 6 years ago

This is caused due to imagemin dependency on Docusaurus. I think the right place to file the issue is at https://github.com/imagemin