iandotkelly
commented
6 years ago Yeah - I'll do this today.
Closed IlCallo closed 6 years ago
iandotkelly
commented
6 years ago Yeah - I'll do this today.
iandotkelly
commented
6 years ago Or at the very least in the next couple of days :)
iandotkelly
commented
6 years ago 
IlCallo
commented
6 years ago 
Problem seems to be still here :\
Seems to be given by node-tap and expect.js/mocha dependencies
iandotkelly
commented
6 years ago What tool are you using there to display known vulnerabilities? You asked me to update dependencies, which I did to the latest at the time - short of stopping using those modules, I can't really do more.
Those modules (mocha and expect.js) are development dependencies only, and are not installed if you install using npm i nlf.
IlCallo
commented
6 years ago It's github which is complaining, when I load a package-lock.json which contains them.
I just required nlf as a normal dependency and run npm install, tomorrow I'll try removing node_modules folder and retrying the installation from zero
iandotkelly
commented
6 years ago Ok, this is a feature of github that I was not aware of. I don't seem to have these modules or vulnerabilities when I look at the equivalent page:
IlCallo
commented
6 years ago Solved, it was another package messing it up, sorry
iandotkelly
commented
6 years ago Hey, no worries - I needed to update the dependencies anyway.
Some dependencies are really outdated and rise a warning when a package-lock containing them is loaded on GitHub. Is it possible to update them?