This PR updates dependencies, fixing two vulnerabilities.
Before:
=== npm audit security report ===
# Run npm install scp2@0.5.0 to resolve 3 vulnerabilities
High Regular Expression Denial of Service
Package minimatch
Dependency of scp2
Path scp2 > glob > minimatch
More info https://nodesecurity.io/advisories/118
Moderate Prototype Pollution
Package lodash
Dependency of scp2
Path scp2 > lodash
More info https://nodesecurity.io/advisories/782
Low Prototype Pollution
Package lodash
Dependency of scp2
Path scp2 > lodash
More info https://nodesecurity.io/advisories/577
# Run npm install node.extend@2.0.2 to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
Moderate Prototype Pollution
Package node.extend
Dependency of node.extend
Path node.extend
More info https://nodesecurity.io/advisories/781
found 4 vulnerabilities (1 low, 2 moderate, 1 high) in 14 scanned packages
run `npm audit fix` to fix 3 of them.
1 vulnerability requires semver-major dependency updates.
After:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Moderate Prototype Pollution
Package lodash
Patched in >=4.17.11
Dependency of scp2
Path scp2 > lodash
More info https://nodesecurity.io/advisories/782
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of scp2
Path scp2 > lodash
More info https://nodesecurity.io/advisories/577
found 2 vulnerabilities (1 low, 1 moderate) in 37 scanned packages
2 vulnerabilities require manual review. See the full report for details.
The last 2 vulnerabilities cannot be fixed, since they're not fixed by the scp2 package maintainer.