ionic-team / stencil-component-starter

Minimal starter project for building shareable web components with Stencil
https://github.com/ionic-team/stencil
MIT License

found 2 moderate severity vulnerabilities #64

Closed peterennis closed 5 years ago

peterennis commented 5 years ago

Stencil version: (run npm list @stencil/core from a terminal/cmd prompt and paste output below):

@stencil/core@0.13.2

I'm submitting a ... (check one with "x")
[ ] bug report
[ ] feature request
[ ] support request => Please do not submit support requests here, use one of these channels: https://forum.ionicframework.com/ or https://stencil-worldwide.slack.com

Current behavior:

Security warnings

Expected behavior:

NO Security warnings

Steps to reproduce:

Related code:

                       === npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  Moderate        Regular Expression Denial of Service

  Package         semver

  Patched in      >=4.3.2

  Dependency of   @stencil/core [dev]

  Path            @stencil/core > rollup-plugin-node-builtins > browserify-fs
                  > levelup > semver

  More info       https://nodesecurity.io/advisories/31

  Moderate        Memory Exposure

  Package         bl

  Patched in      >=0.9.5 <1.0.0 || >=1.0.1

  Dependency of   @stencil/core [dev]

  Path            @stencil/core > rollup-plugin-node-builtins > browserify-fs
                  > levelup > bl

  More info       https://nodesecurity.io/advisories/596

found 2 moderate severity vulnerabilities in 2985 scanned packages
  2 vulnerabilities require manual review. See the full report for details.

Other information:

peterennis commented 5 years ago

Also here:

https://github.com/ionic-team/ionic-pwa-elements/issues/4

and maybe other places due to stencil core dependency

peterennis commented 5 years ago

Fixed by this version bump: https://github.com/ionic-team/stencil-component-starter/commit/a8e4eed79661810117a8d8ab98cf699fb7cb17be
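
As an added example (not part of the original issue, and not npm's or Stencil's own code): a small parser for the text report pasted in this issue, plus a check of a version against a `Patched in` range. The `REPORT` string is a constructed excerpt of that report, the function names are illustrative, and the comparator assumes plain x.y.z versions.

```javascript
// Constructed excerpt of the report above (same row layout as the pasted output).
const REPORT = `
  Moderate        Regular Expression Denial of Service
  Package         semver
  Patched in      >=4.3.2
  Path            @stencil/core > rollup-plugin-node-builtins > browserify-fs
                  > levelup > semver
  Moderate        Memory Exposure
  Package         bl
  Patched in      >=0.9.5 <1.0.0 || >=1.0.1
  Path            @stencil/core > rollup-plugin-node-builtins > browserify-fs
                  > levelup > bl
`;

// Illustrative helper: parse "Key   value" rows; a severity row opens a new finding.
function parseAuditReport(text) {
  const keys = { Package: 'pkg', 'Patched in': 'patched', Path: 'path' };
  const findings = [];
  let last = null;
  for (const line of text.split('\n')) {
    const m = line.match(/^\s*(Low|Moderate|High|Critical|Package|Patched in|Path)\s{2,}(.+)$/);
    if (m) {
      last = keys[m[1]] || 'title';
      if (last === 'title') findings.push({ severity: m[1] });
      if (findings.length) findings[findings.length - 1][last] = m[2].trim();
    } else if (last === 'path' && findings.length && /^\s+>/.test(line)) {
      findings[findings.length - 1].path += ' ' + line.trim(); // wrapped Path row
    }
  }
  return findings;
}

// Compare plain x.y.z versions numerically (assumption: no pre-release tags).
function cmp(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// True if version lies in a "Patched in" range: '||' separates alternatives,
// space-separated comparators within one alternative must all hold.
function isPatched(version, range) {
  return range.split('||').some(alt =>
    alt.trim().split(/\s+/).every(c => {
      const [, op, v] = c.match(/^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/);
      const d = cmp(version, v);
      return { '>=': d >= 0, '<=': d <= 0, '>': d > 0, '<': d < 0 }[op] ?? d === 0;
    }));
}
```

The `bl` range has a gap: a constructed version 1.0.0 is outside it even though 0.9.5 is inside, so comparing against the lowest patched version alone would misjudge it.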