thoughtworks / metrik

An easy-to-use, cross-platform measurement tool that pulls data out of CD pipelines and analyzes the four key metrics for you.
MIT License

npm audit: Vulnerabilities found ⚠️ #12

Status: Closed (karuppiah7890 closed 3 years ago)

karuppiah7890 commented 3 years ago

Describe the bug: npm audit says that there are some vulnerabilities in the front end app that need to be fixed and can be fixed.

To Reproduce

Steps to reproduce the behavior:

  1. Go to the git repository
  2. cd frontend
  3. npm audit
  4. See error

```
$ npm audit
# npm audit report

yargs-parser  <=13.1.1 || 14.0.0 - 15.0.0 || 16.0.0 - 18.1.1
Prototype Pollution - https://npmjs.com/advisories/1500
fix available via `npm audit fix --force`
Will install stylelint-config-rational-order@0.0.4, which is a breaking change
node_modules/stylelint-config-rational-order/node_modules/yargs-parser
  meow  5.0.0 - 6.0.1
  Depends on vulnerable versions of yargs-parser
  node_modules/stylelint-config-rational-order/node_modules/meow
    stylelint  9.2.1 - 12.0.1
    Depends on vulnerable versions of meow
    node_modules/stylelint-config-rational-order/node_modules/stylelint
      stylelint-config-rational-order  >=0.1.0
      Depends on vulnerable versions of stylelint
      node_modules/stylelint-config-rational-order

4 low severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
```

Expected behavior: No vulnerabilities in the front end app

Extra information

zhe-zhao commented 3 years ago

Thanks for reporting this issue. Closing the issue now since this has been fixed in the recent change.
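
An added example, not part of the original issue or the metrik code base: the audit report in the issue counts 4 vulnerabilities, but they are one advisory (yargs-parser) propagating up a single dependency chain to one direct dependency, and the only fix is a breaking change. The sketch below reduces an `npm audit --json` report (npm 7+ format, `auditReportVersion: 2`) to that view; the sample report is constructed to mirror the issue's output, and `chainsToDirect` and `triage` are hypothetical helper names.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// mirroring the report in the issue; not captured from the project.
const fix = { name: "stylelint-config-rational-order", version: "0.0.4", isSemVerMajor: true };
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "yargs-parser": { severity: "low", isDirect: false, effects: ["meow"], fixAvailable: fix,
      via: [{ title: "Prototype Pollution", url: "https://npmjs.com/advisories/1500" }] },
    "meow": { severity: "low", isDirect: false, via: ["yargs-parser"],
      effects: ["stylelint"], fixAvailable: fix },
    "stylelint": { severity: "low", isDirect: false, via: ["meow"],
      effects: ["stylelint-config-rational-order"], fixAvailable: fix },
    "stylelint-config-rational-order": { severity: "low", isDirect: true, via: ["stylelint"],
      effects: [], fixAvailable: fix },
  },
};

// Follow `effects` edges from a package up to every direct dependency it taints.
function chainsToDirect(vulns, name, path = []) {
  if (path.includes(name) || !vulns[name]) return []; // cycle or unknown node
  const here = [...path, name];
  const found = vulns[name].isDirect ? [here] : [];
  return found.concat(...vulns[name].effects.map((e) => chainsToDirect(vulns, e, here)));
}

// One finding per root-cause advisory (a `via` entry that is an object, not a package name).
function triage(report) {
  const vulns = report.vulnerabilities;
  const findings = [];
  for (const [name, v] of Object.entries(vulns)) {
    for (const adv of v.via.filter((x) => typeof x === "object")) {
      const f = v.fixAvailable;
      findings.push({
        package: name, title: adv.title, url: adv.url, severity: v.severity,
        chains: chainsToDirect(vulns, name).map((c) => c.join(" -> ")),
        // false: no fix; true: in-range fix; object: fix changes a direct dependency
        fix: !f ? "none" : f === true ? "npm audit fix"
          : `${f.name}@${f.version}${f.isSemVerMajor ? " (breaking, needs --force)" : ""}`,
      });
    }
  }
  return findings;
}

console.log(JSON.stringify(triage(sampleReport), null, 2));
```

In a real checkout, feed it the parsed output of `npm audit --json` run in `frontend` instead of `sampleReport`.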