These are all deep level dependencies that we have no control over, coming from Polymer. Unfortunately npm audit fix fails to fix any of them (seems to be a more generalized problem https://github.com/npm/cli/issues/3472).
As the Polymer Starter Kit is effectively dead, will refactor the client app to use something simpler with fewer dependencies and less risk of growing stale.
We have several Dependabot alerts to resolve:
https://github.com/nuxeo-sandbox/nuxeo-labs-user-registration/security/dependabot/nuxeo-labs-user-registration-web/package-lock.json/acorn/open https://github.com/nuxeo-sandbox/nuxeo-labs-user-registration/security/dependabot/nuxeo-labs-user-registration-web/package-lock.json/minimist/open https://github.com/nuxeo-sandbox/nuxeo-labs-user-registration/security/dependabot/nuxeo-labs-user-registration-web/package-lock.json/lodash/open
These are all deep level dependencies that we have no control over, coming from Polymer. Unfortunately
npm audit fixfails to fix any of them (seems to be a more generalized problem https://github.com/npm/cli/issues/3472).As the Polymer Starter Kit is effectively dead, will refactor the client app to use something simpler with fewer dependencies and less risk of growing stale.