Closed stoikerty closed 6 years ago
The vulnerabilities that snyk is reporting on have not gone away completely, but they should as far as I know not be anything to worry about in the case of regular usage of dev-toolkit as a tool. Snyk reports them as low
vulnerabilities. They persist in the latest version of webpack (v4.5.0 right now) and it's impossible to make the warnings go away until the following issues have been resolved:
https://github.com/webpack/watchpack/issues/63
https://github.com/strongloop/fsevents/issues/187
This issue will me monitored from time to time.
7.0.2 release has fixed those vulnerabilities https://github.com/stoikerty/dev-toolkit/releases/tag/dev-toolkit@7.0.2
https://snyk.io/test/github/stoikerty/dev-toolkit?severity=high&severity=medium&severity=low