truffle-box / react-box

Truffle, Webpack and React boilerplate.
https://truffle-box.github.io/
MIT License
736 stars 251 forks

1000 Dependencies with High Priority #107

Closed ksolo closed 5 years ago

ksolo commented 5 years ago

After a clean unboxing, I am getting a list of vulnerabilities from the dependencies.

found 1071 vulnerabilities (63 low, 8 moderate, 1000 high) in 136061 scanned packages
  run `npm audit fix` to fix 1006 of them.
  65 vulnerabilities require semver-major dependency updates.

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 5 years ago

This issue has been closed, but can be re-opened if further comments indicate that the problem persists. Feel free to tag maintainers if there is no reply to further comments.

tcoulter commented 4 years ago

cc @gnidan

As an aside, someone mentioned this as a blocker to me recently, but I don't remember where I saw it.