tableau / extensions-api

Extensions API sample code and developer docs.
http://tableau.github.io/extensions-api
MIT License

How to handle vulnerabilities of extensions-api? #307

Closed uraxurax closed 2 years ago

uraxurax commented 4 years ago

I think there are the following 5 low severity vulnerabilities in the Tableau extension. Is there any official correction?

Regards, uraxurax

$ npm audit

=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve

Visit https://go.npm.me/audit-guide for additional guidance

Low Prototype Pollution

Package minimist

Patched in >=0.2.1 <1.0.0 || >=1.2.3

Dependency of http-server

Path http-server > optimist > minimist

More info https://npmjs.com/advisories/1179

Low Prototype Pollution

Package minimist

Patched in >=0.2.1 <1.0.0 || >=1.2.3

Dependency of @tableau/tabextsandbox [dev]

Path @tableau/tabextsandbox > optimist > minimist

More info https://npmjs.com/advisories/1179

Low Prototype Pollution

Package minimist

Patched in >=0.2.1 <1.0.0 || >=1.2.3

Dependency of webpack [dev]

Path webpack > watchpack > chokidar > fsevents > node-pre-gyp > mkdirp > minimist

More info https://npmjs.com/advisories/1179

Low Prototype Pollution

Package minimist

Patched in >=0.2.1 <1.0.0 || >=1.2.3

Dependency of webpack [dev]

Path webpack > watchpack > chokidar > fsevents > node-pre-gyp > tar > mkdirp > minimist

More info https://npmjs.com/advisories/1179

Low Prototype Pollution

Package minimist

Patched in >=0.2.1 <1.0.0 || >=1.2.3

Dependency of webpack [dev]

Path webpack > watchpack > chokidar > fsevents > node-pre-gyp > rc > minimist

More info https://npmjs.com/advisories/1179

found 5 low severity vulnerabilities in 7087 scanned packages
5 vulnerabilities require manual review. See the full report for details.
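One way to triage a report like the one above is to check, for every dependency path, whether the version resolved at the end of the path falls inside the advisory's "Patched in" range. The following script is an added example and is not part of this thread or of the extensions-api project. The range string is the one npm audit printed for advisory 1179; the five paths are copied from the report, but the installed versions in SAMPLE_FINDINGS are constructed for illustration and are not what npm audit actually saw. The range parser only handles the comparator syntax npm audit prints (>=, <=, >, <, = and "||"), not the full semver grammar.

```javascript
// Added example (not from the tableau/extensions-api project): evaluate
// npm audit "Patched in" ranges against the versions installed along each
// dependency path, so that exposed paths can be listed for an update.

// Parse "1.2.3" (a leading "v" is tolerated; any prerelease suffix is
// ignored) into a comparable [major, minor, patch] triple.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Negative if a < b, zero if equal, positive if a > b.
// Comparison is numeric per component, so "0.0.10" > "0.0.9".
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// A range such as ">=0.2.1 <1.0.0 || >=1.2.3" is a disjunction ("||") of
// conjunctions (whitespace-separated comparators). Each comparator is one
// of >=, <=, >, <, or an optional "=" followed by a version.
function satisfiesRange(version, range) {
  return range.split('||').some((alternative) =>
    alternative.trim().split(/\s+/).filter(Boolean).every((comparator) => {
      const m = /^(>=|<=|>|<|=?)(.+)$/.exec(comparator);
      if (!m) throw new Error(`unparseable comparator: ${comparator}`);
      const c = compareVersions(version, m[2]);
      switch (m[1]) {
        case '>=': return c >= 0;
        case '<=': return c <= 0;
        case '>': return c > 0;
        case '<': return c < 0;
        default: return c === 0;
      }
    })
  );
}

// Given audit findings (dependency path, the version resolved at the end of
// that path, whether it is a dev-only path, and the patched range), return
// the paths whose installed version is still outside the patched range.
function triage(findings) {
  return findings
    .filter((f) => !satisfiesRange(f.installed, f.patchedIn))
    .map((f) => ({ path: f.path, installed: f.installed, dev: f.dev }));
}

// Range as printed by npm audit for advisory 1179 (minimist).
const PATCHED_IN = '>=0.2.1 <1.0.0 || >=1.2.3';

// Constructed sample: the five paths from the report above, with installed
// versions invented for illustration (not the versions npm audit reported).
const SAMPLE_FINDINGS = [
  { path: 'http-server > optimist > minimist',
    installed: '0.0.10', dev: false, patchedIn: PATCHED_IN },
  { path: '@tableau/tabextsandbox > optimist > minimist',
    installed: '0.0.10', dev: true, patchedIn: PATCHED_IN },
  { path: 'webpack > watchpack > chokidar > fsevents > node-pre-gyp > mkdirp > minimist',
    installed: '0.0.8', dev: true, patchedIn: PATCHED_IN },
  { path: 'webpack > watchpack > chokidar > fsevents > node-pre-gyp > tar > mkdirp > minimist',
    installed: '1.2.5', dev: true, patchedIn: PATCHED_IN },
  { path: 'webpack > watchpack > chokidar > fsevents > node-pre-gyp > rc > minimist',
    installed: '1.2.0', dev: true, patchedIn: PATCHED_IN },
];

// Print the paths that still need an update; with the constructed sample,
// four of the five paths are listed and the 1.2.5 path is not.
console.log(triage(SAMPLE_FINDINGS));
```

On a real checkout the same inputs come from `npm audit --json` (the advisory's `patched_versions` field and each finding's path) and `npm ls minimist` (the resolved version along each path), rather than from the hand-written SAMPLE_FINDINGS array. Separating dev-only paths from runtime ones, as the `dev` flag does here, matters for prioritisation: a minimist reached only through webpack's build tooling is never loaded by the shipped extension, while the `http-server` path is a runtime dependency of the sample server.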

bcantoni commented 2 years ago

We have some internal processes in place now along with Dependabot, so this project should be kept more up to date with vulnerabilities.