Closed IlCallo closed 6 years ago
Yeah - I'll do this today.
Or at the very least in the next couple of days :)
Problem seems to be still here :\ Seems to be given by node-tap and expect.js/mocha dependencies
What tool are you using there to display known vulnerabilities? You asked me to update dependencies, which I did to the latest at the time - short of stopping using those modules, I can't really do more.
Those modules (mocha and expect.js) are development dependencies only, and are not installed if you install using npm i nlf
.
It's github which is complaining, when I load a package-lock.json which contains them.
I just required nlf as a normal dependency and run npm install, tomorrow I'll try removing node_modules folder and retrying the installation from zero
Ok, this is a feature of github that I was not aware of. I don't seem to have these modules or vulnerabilities when I look at the equivalent page:
Solved, it was another package messing it up, sorry
Hey, no worries - I needed to update the dependencies anyway.
Some dependencies are really outdated and rise a warning when a package-lock containing them is loaded on GitHub. Is it possible to update them?