Closed Anders-E closed 2 years ago
Since both tools are only used at build time and serialize-javascript is never used to generate executable JS, these are superficial vulnerabilities. Nice to fix the warnings, but they are meaningless in this case.
@developit
I agree completely, but as you said, having the warnings gone would feel better since this is probably most people's first impression of Preact.
PRs are always open and appreciated if you'd like to submit a fix for these.
Do you want to request a feature or report a bug?
Report a bug.
What is the current behaviour?
preact-cli
currently generates apps with 3 dependencies with vulnerabilities.The results of running
npm audit
on a fresh project generated bypreact create default my-app
:If the current behaviour is a bug, please provide the steps to reproduce.
What is the expected behaviour?
No vulnerabilities.
Please mention other relevant information.
Please paste the results of
preact info
here.