wooorm / franc

Natural language detection
https://wooorm.com/franc/
MIT License
4.07k stars 175 forks

npm i franc results in 1 high severity vulnerability upon install #98

Closed snapdeus closed 2 years ago

snapdeus commented 3 years ago

Greetings,

I installed npm franc and it resulted in "1 high severity vulnerability" in the npm audit.

See attached screenshot image

Upon examining the package.json for the dependencies, it has "trigram-utils": "^1.0.0" - which installs a vulnerable version of trim.

I was able to fix this by changing the package.json to require the 2.0 version of trigram utils and it was fine.

Just thought you should be aware!

Thank you for your time.
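The report above traces a transitive dependency by hand: franc depends on trigram-utils, which pulls in the flagged version of trim. The script below is an added example (not franc's code and not from anyone in this thread) showing how to do that trace mechanically against a lockfile. It walks the `packages` map of a package-lock.json (lockfileVersion 2 or 3), resolves each dependency the way Node's nested `node_modules` lookup does, and reports every chain from a direct dependency down to the package of interest, together with whether the installed version is below a "fixed in" threshold. The lockfile contents and the `0.0.3` threshold are constructed for the example and are assumptions, not values taken from the issue.

```javascript
// Added example: locate a flagged transitive dependency in a lockfile and
// report the dependency chain(s) that pull it in.
// SAMPLE_LOCK is constructed for this example; load a real lockfile with
// JSON.parse(fs.readFileSync("package-lock.json", "utf8")) instead.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", dependencies: { franc: "^5.0.0" } },
    "node_modules/franc": {
      version: "5.0.0",
      dependencies: { "trigram-utils": "^1.0.0" },
    },
    "node_modules/trigram-utils": {
      version: "1.0.3",
      dependencies: { trim: "0.0.1" },
    },
    "node_modules/trim": { version: "0.0.1" },
  },
};

// Compare dotted numeric versions; returns true when a < b.
function versionLt(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Resolve `dep` as required from the package installed at `fromPath`:
// look in its own node_modules first, then walk up to each ancestor's
// node_modules, exactly as Node's module resolution does.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${dep}` : `node_modules/${dep}`;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Depth-first walk from the root package; every time `target` is reached,
// record the chain of name@version entries that led to it.
function findDependencyChains(lock, target) {
  const packages = lock.packages;
  const chains = [];
  function walk(pkgPath, chain, seen) {
    const entry = packages[pkgPath];
    if (!entry) return;
    for (const dep of Object.keys(entry.dependencies || {})) {
      const resolved = resolveDep(packages, pkgPath, dep);
      if (!resolved || seen.has(resolved)) continue; // unresolved or cycle
      const next = chain.concat(`${dep}@${packages[resolved].version}`);
      if (dep === target) chains.push(next);
      walk(resolved, next, new Set(seen).add(resolved));
    }
  }
  walk("", [], new Set([""]));
  return chains;
}

// Summarise: which chains pull in `target`, and is the installed version
// below `fixedIn`? Returns one record per installed copy of the package.
function auditPackage(lock, target, fixedIn) {
  const chains = findDependencyChains(lock, target);
  return chains.map((chain) => {
    const installed = chain[chain.length - 1].split("@")[1];
    return {
      chain: chain.join(" > "),
      installed,
      vulnerable: versionLt(installed, fixedIn),
    };
  });
}

// Usage: "0.0.3" is an assumed fixed-in version for the example, not a
// value from this issue; substitute the threshold from the advisory.
for (const r of auditPackage(SAMPLE_LOCK, "trim", "0.0.3")) {
  console.log(`${r.vulnerable ? "VULNERABLE" : "ok"}  ${r.chain}`);
}
```

The output names the direct dependency at the head of each chain, which is the package.json entry to bump (here the `trigram-utils` range) rather than trying to pin the deep package directly; a chain is only reported when the lockfile actually resolves to it, so phantom entries left in an old lockfile are ignored.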

wooorm commented 3 years ago

Updating to v2 would break everything, as that’s an ESM package.

No need to worry about trim. It’s a potential slowdown. Not anything that would actually affect you.

wooorm commented 2 years ago

Duplicate of GH-101 and solved in 6.0.0