smartcontractkit / functions-hardhat-starter-kit

MIT License

npm package tree has high and crit vulnerabilities #143

Closed BrettMontaigne closed 1 year ago

BrettMontaigne commented 1 year ago

npm install yields

16 vulnerabilities (7 moderate, 5 high, 4 critical)

Forcing a patch introduces breaking changes and more vulnerabilities in the audit tree.

Is there an existing feature branch getting these to 0?

-Brett-

pinebit commented 1 year ago

Reviewing this internally. Thanks for reporting @BrettMontaigne

KuphJr commented 1 year ago

Thanks for reporting @BrettMontaigne! We have recently implemented some workflows to automatically ensure our dependencies are kept up-to-date going forward.

Note that past vulnerabilities should not be any cause for concern as this tool does not create a server, nor execute any untrusted code on the user's behalf.
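As an added example that is not part of this thread or the starter kit's code, the script below triages an `npm audit --json` report (npm v7+ format) the way a maintainer would before deciding whether `npm audit fix --force` is worth its breaking changes: it lists findings at or above a chosen severity, marks which are the root advisory versus merely affected through a dependency, and flags those whose only available fix is a semver-major bump. The `SAMPLE_AUDIT` object is constructed for illustration; its package names and URLs are placeholders.

```javascript
// Added example (not the starter kit's own code): triage an `npm audit --json`
// report (npm v7+ format) so that high/critical findings whose only fix is a
// semver-major bump are visible before anyone reaches for `npm audit fix --force`.
// SAMPLE_AUDIT is constructed for illustration; package names and URLs are placeholders.
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-transitive-a": {
      name: "example-transitive-a", severity: "critical", isDirect: false, range: "<1.2.3",
      via: [{ title: "Prototype Pollution (constructed)", url: "https://example.invalid/adv-1" }],
      effects: ["example-direct-b"],
      fixAvailable: { name: "example-direct-b", version: "5.0.0", isSemVerMajor: true },
    },
    "example-direct-b": {
      name: "example-direct-b", severity: "high", isDirect: true, range: "<=4.9.9",
      via: ["example-transitive-a"], effects: [],
      fixAvailable: { name: "example-direct-b", version: "5.0.0", isSemVerMajor: true },
    },
    "example-dev-c": {
      name: "example-dev-c", severity: "moderate", isDirect: true, range: "<2.0.1",
      via: [{ title: "ReDoS (constructed)", url: "https://example.invalid/adv-2" }],
      effects: [], fixAvailable: true,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 1, critical: 1, total: 3 } },
};

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Findings at or above `minSeverity`, most severe first, each annotated with
// whether it is the root advisory or only reachable through a vulnerable
// dependency, and whether fixing it requires a breaking version bump.
function triageAudit(report, minSeverity = "high") {
  const floor = SEVERITY_RANK[minSeverity];
  return Object.values(report.vulnerabilities)
    .filter((v) => SEVERITY_RANK[v.severity] >= floor)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: v.isDirect,
      // `via` holds advisory objects for the root cause and package-name
      // strings for packages affected only through their dependencies.
      rootCause: v.via.some((x) => typeof x === "object"),
      fixable: v.fixAvailable !== false,
      needsMajorBump: typeof v.fixAvailable === "object" && v.fixAvailable.isSemVerMajor === true,
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

console.table(triageAudit(SAMPLE_AUDIT));
```

To run it against a real project, replace `SAMPLE_AUDIT` with `JSON.parse` of the output of `npm audit --json`; entries with `needsMajorBump: true` are the ones a plain `npm audit fix` will leave in place.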