Closed tnyeanderson closed 2 years ago
npm audit should not fail
It fails with the following:
                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ jquery                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.5.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @postlight/mercury-parser                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @postlight/mercury-parser > jquery                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1518                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 403 scanned packages
  1 vulnerability requires manual review. See the full report for details.
Agree with the above, bumped into the same issue here: https://github.com/hello-efficiency-inc/raven-reader/issues/544
Expected Behavior
npm audit should not fail

Current Behavior
It fails with the following:

Steps to Reproduce
mercury-parser as a dependency
npm install. Vulnerability is noted
npm audit

Possible Solution
Require "jquery" : "^3.5.0"