search

mhart / kinesalite

An implementation of Amazon's Kinesis built on LevelDB
MIT License
808 stars 86 forks source link

npm audit security report level-sublevel #85

Closed Jeff457 closed 5 years ago

Jeff457 commented 5 years ago

The latest version of level-sublevel (6.6.4) drops levelup as a dependency.

=== npm audit security report ===

# Run  npm install level-sublevel@6.6.4  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ bl                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ level-sublevel                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ level-sublevel > levelup > bl                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/596                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

found 1 moderate severity vulnerability in 207 scanned packages
  run `npm audit fix` to fix 1 of them.
mhart commented 5 years ago

Forgot to close this when this library moved to subleveldown