mozilla / web-ext

A command line tool to help build, run, and test web extensions
Mozilla Public License 2.0
2.65k stars 334 forks

What to do about audit warnings? #3106

Closed GabenGar closed 2 months ago

GabenGar commented 3 months ago

Is this a feature request or a bug?

Neither.

What is the current behavior?

npm audit returns 8 moderate severity vulnerabilities, but all the fixes downgrade web-ext to 7.2.0. Those don't sound like vulnerabilities which can be ignored either, especially since web-ext is highly likely to be used with webpack, which brings at least a few hundred dependencies along as a baseline.

What is the expected or desired behavior?

Fixing audit problems without downgrading web-ext.

Version information (for bug reports)

willdurand commented 3 months ago

v8 is nearly done, and that should address some if not all the audit warnings.

willdurand commented 2 months ago

see https://github.com/mozilla/web-ext/issues/2678 (also we released v8: https://github.com/mozilla/web-ext/releases/tag/8.0.0)