stacks-archive / blockstack-app-generator

Blockstack app generator
MIT License

Fix just-extend vulnerability #37

Closed jdjkelly closed 5 years ago

jdjkelly commented 5 years ago

npm audit results gave me this:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ just-extend                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ yeoman-test [dev]                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ yeoman-test > sinon > nise > just-extend                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/780                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

Used npm version 6.8.0 to run the npm audit fix command to resolve this automatically. It added additional optional: true parameters to several dependencies; this may be related to https://github.com/npm/npm/issues/17722
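
When reviewing a lockfile change like the one described above, diffing the two lockfiles separates the intended version bump from entries that only gained an optional flag. This is an added example, not code from this pull request or repository; it assumes npm 6's lockfileVersion 1 layout (nested dependencies objects with version and optional fields), and the sample lockfiles, the example-dep names and the version strings are constructed.

```javascript
'use strict';

// Index every entry of an npm 6 (lockfileVersion 1) lockfile by its
// node_modules location, e.g. "example-dep/example-child".
function flattenLock(node, prefix = '', out = new Map()) {
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const key = prefix ? `${prefix}/${name}` : name;
    out.set(key, { version: entry.version, optional: entry.optional === true });
    flattenLock(entry, key, out); // nested (non-hoisted) copies
  }
  return out;
}

// Compare two lockfiles: which entries changed version, and which ones
// newly carry "optional": true.
function diffLock(before, after) {
  const prev = flattenLock(before);
  const report = { versionChanged: [], becameOptional: [] };
  for (const [key, next] of flattenLock(after)) {
    const old = prev.get(key);
    if (!old) continue; // entry is new in `after`; nothing to compare against
    if (old.version !== next.version) {
      report.versionChanged.push({ key, from: old.version, to: next.version });
    }
    if (!old.optional && next.optional) report.becameOptional.push(key);
  }
  return report;
}

// Constructed lockfiles; versions are placeholders, not real releases.
const before = {
  lockfileVersion: 1,
  dependencies: {
    'just-extend': { version: '1.0.0', dev: true },
    'example-dep': {
      version: '1.0.0', dev: true,
      dependencies: { 'example-child': { version: '1.0.0', dev: true } },
    },
  },
};
const after = JSON.parse(JSON.stringify(before));
after.dependencies['just-extend'].version = '2.0.0';
after.dependencies['example-dep'].optional = true;
after.dependencies['example-dep'].dependencies['example-child'].optional = true;

console.log(JSON.stringify(diffLock(before, after), null, 2));
```

With real files, pass the parsed package-lock.json from the base branch and from the branch under review to diffLock.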

zone117x commented 5 years ago

Latest dev branch currently passes npm audit