Closed snapdeus closed 2 years ago
Greetings,
I installed npm franc and it resulted in "1 high severity vulnerability" in the npm audit.
See attached screenshot
Upon examining the package.json for the dependencies, it has "trigram-utils": "^1.0.0" - which installs a vulnerable version of trim.
I was able to fix this by changing the package.json to require the 2.0 version of trigram utils and it was fine.
Just thought you should be aware!
Thank you for your time.
Updating to v2 would break everything, as that’s an ESM package.
No need to worry about trim. It’s a potential slowdown. Not anything that would actually affect you.
Duplicate of GH-101 and solved in 6.0.0
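As an added example (not part of the thread and not franc's own code), the chain the report describes, franc -> trigram-utils -> trim, can be traced from a lockfile to see which direct dependency pulls in a flagged package. The lockfile is constructed, its version strings are placeholders, and `resolve`, `pathsTo` and `describe` are hypothetical helper names.

```javascript
// Constructed lockfile in the "packages" layout (lockfileVersion 2/3).
// Version strings are placeholders; only the "^1.0.0" range comes from the report.
const lock = {
  packages: {
    "": { name: "demo-app", dependencies: { franc: "*" } },
    "node_modules/franc": { version: "0.0.0-constructed", dependencies: { "trigram-utils": "^1.0.0" } },
    "node_modules/trigram-utils": { version: "0.0.0-constructed", dependencies: { trim: "*" } },
    "node_modules/trim": { version: "0.0.0-constructed" },
  },
};

// Resolve a dependency the way Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (!base) return null; // not installed anywhere up the tree
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Collect every dependency chain from the root project down to `target`.
function pathsTo(packages, target) {
  const found = [];
  const walk = (path, chain) => {
    const entry = packages[path] || {};
    const dev = path === "" ? entry.devDependencies : undefined; // dev deps apply to the root only
    const deps = { ...entry.dependencies, ...entry.optionalDependencies, ...dev };
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next || chain.some((s) => s.path === next)) continue; // missing or cyclic
      const step = chain.concat({ path: next, name, range: deps[name], version: packages[next].version });
      if (name === target) found.push(step);
      else walk(next, step);
    }
  };
  walk("", []);
  return found;
}

// Render each chain as "name@installed (wanted range) -> ...".
function describe(chains) {
  return chains.map((c) => c.map((s) => `${s.name}@${s.version} (wanted ${s.range})`).join(" -> "));
}

console.log(describe(pathsTo(lock.packages, "trim")).join("\n"));
```

On a real project, `npm ls trim` reports the same chain directly.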