search

winstonjs / winston-syslog

A syslog transport for winston
http://github.com/winstonjs/winston-syslog
MIT License
138 stars 119 forks source link

Security Vulnerability in Dependency mem@1.1.0 #129

Open HansG89 opened 4 years ago

HansG89 commented 4 years ago

The package mem@1.1.0 which is used by dependencies has security vulnerabilities

for more infos see: https://snyk.io/test/npm/mem/1.1.0

npm ls output:

winston-syslog@2.4.0
  └─┬ eslint-config-populist@4.2.0
    └─┬ eslint-find-rules@3.4.0
      └─┬ yargs@8.0.2
        └─┬ os-locale@2.1.0
          └── mem@1.1.0

Please fix this issue!

CapitaineJSparrow commented 4 years ago

Same here, mem module has vulnerabilities.

Pegase745 commented 4 years ago

It all comes down to this PR: https://github.com/sarbbottam/eslint-find-rules/pull/314 But they don't seem to want to drop support for node@4, meaning that eslint-config-populist can't be upgraded either.

How about switching to something other than eslint-config-populist ?