Closed gsantner closed 3 years ago
Hello, I just fetched the project from git-master and tried to build it.
When fetching node dependencies, lots of vulnerabilities in the set versions of dependencies show up:
```
[me@device Tangram]$ git submodule init
Submodul 'troll' (https://github.com/sonnyp/troll) für Pfad 'src/troll' in die Konfiguration eingetragen.
[me@device Tangram]$ git submodule update
Klone nach '/tmp/aatmp/Tangram/src/troll' ...
Submodul-Pfad: 'src/troll': '90957d2c4155b3e2b01d6e2a87e525afaeb047b0' ausgecheckt
[me@device Tangram]$ npm install

> husky@4.3.7 install /tmp/aatmp/Tangram/node_modules/husky
> node husky install

....
added 235 packages from 123 contributors and audited 236 packages in 12.99s

43 packages are looking for funding
  run `npm fund` for details

found 8 vulnerabilities (5 moderate, 3 high)
  run `npm audit fix` to fix them, or `npm audit` for details
```
Suggestions: Set up a dependency scanner in CI; update dependencies
I'll fix it.
It's annoying but FYI https://overreacted.io/npm-audit-broken-by-design/
It doesn't affect Tangram users.
Dependencies were updated.