I have nsp version 2.4.0 (https://www.npmjs.com/package/nsp) integrated into my security testing for my project, and am currently using the latest version 5.2.1 of strong-pm, however a number of dependencies are vulnerable, and is preventing me from deploying currently. I could override these security issues (or disable nsp in the worst case) to deploy, but I'd like a more permanent solution.
Here are the list of dependencies that are vulnerable (if you run nsp check):
strong-pm@5.2.1 > tar@1.0.3
strong-pm@5.2.1 > minkelite@1.2.5 > express@4.9.8 > send@0.9.3 > ms@0.6.2
strong-pm@5.2.1 > strong-runner@5.0.3 > strong-supervisor@3.3.3 > strong-agent@2.0.3 > semver@2.2.1
strong-pm@5.2.1 > strong-runner@5.0.3 > strong-control-channel@2.2.2 > ws@0.8.1
strong-pm@5.2.1 > strong-mesh-models@8.1.0 > loopback-explorer@1.8.0 > swagger-ui@2.0.24 > handlebars@1.0.12
strong-pm@5.2.1 > strong-mesh-models@8.1.0 > loopback-explorer@1.8.0 > swagger-ui@2.0.24 > handlebars@1.0.12 > uglify-js@2.3.6
strong-pm@5.2.1 > strong-mesh-models@8.1.0 > loopback-explorer@1.8.0 > swagger-ui@2.0.24 > handlebars@1.0.12 > uglify-js@2.3.6
Some of these are not necessarily the fault of this particular repo, but nonetheless I figure that some of these must be ones you can fix by updating the dependencies, and then telling me which ones you cannot, since presumably loopback-explorer might belong to a different team.
Hi all,
I have nsp version 2.4.0 (https://www.npmjs.com/package/nsp) integrated into my security testing for my project, and am currently using the latest version 5.2.1 of strong-pm, however a number of dependencies are vulnerable, and is preventing me from deploying currently. I could override these security issues (or disable nsp in the worst case) to deploy, but I'd like a more permanent solution.
Here are the list of dependencies that are vulnerable (if you run nsp check): strong-pm@5.2.1 > tar@1.0.3 strong-pm@5.2.1 > minkelite@1.2.5 > express@4.9.8 > send@0.9.3 > ms@0.6.2 strong-pm@5.2.1 > strong-runner@5.0.3 > strong-supervisor@3.3.3 > strong-agent@2.0.3 > semver@2.2.1 strong-pm@5.2.1 > strong-runner@5.0.3 > strong-control-channel@2.2.2 > ws@0.8.1 strong-pm@5.2.1 > strong-mesh-models@8.1.0 > loopback-explorer@1.8.0 > swagger-ui@2.0.24 > handlebars@1.0.12 strong-pm@5.2.1 > strong-mesh-models@8.1.0 > loopback-explorer@1.8.0 > swagger-ui@2.0.24 > handlebars@1.0.12 > uglify-js@2.3.6 strong-pm@5.2.1 > strong-mesh-models@8.1.0 > loopback-explorer@1.8.0 > swagger-ui@2.0.24 > handlebars@1.0.12 > uglify-js@2.3.6
Some of these are not necessarily the fault of this particular repo, but nonetheless I figure that some of these must be ones you can fix by updating the dependencies, and then telling me which ones you cannot, since presumably loopback-explorer might belong to a different team.