Closed melvrickgoh closed 11 months ago
hi @waltjones, could you help take a look at this when free? (it's a continuation of #1087 )
FYI this still lists is_js
in the lock file. It is no longer transitively reachable; but is still listed. It may need to be removed to"resolve" the vulnerability.
an extension of https://github.com/rollbar/rollbar.js/pull/1087, also bump the version of request-ip in package-lock.json
Description of the change
Updating package-lock.json also avoids the CVE flags by Dependabot for dependency vulnerabilities
Type of change
Related issues
Checklists
Development