jsonlint -> nomnom -> underscore
Underscore has an arbitrary code execution vulnerability, per the link below.
https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
One solution is to "rm package-lock.json" before building. This file is the lock file that "npm install" left behind.
More details:
/jsonlint # npm audit
underscore 1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
fix available via npm audit fix
node_modules/underscore
nomnom >=1.6.0
Depends on vulnerable versions of underscore
node_modules/nomnom

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix
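
To check which underscore version a lock file pins and which package asks for it, the sketch below walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3). It is an added example, not part of the original report or of jsonlint; the function names and the sample lock file are constructed for illustration, and the version range is the one shown in the npm audit output above.

```javascript
// Added example: inspect a parsed package-lock.json (lockfileVersion 2 or 3)
// for underscore pinned inside the range reported by npm audit.
const RANGE = { name: 'underscore', min: '1.3.2', max: '1.12.0' };

// Compare plain x.y.z versions numerically; pre-release tags are ignored.
function cmp(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Keys look like "node_modules/a/node_modules/b"; the last segment is the package.
const pkgName = (path) => path.split('node_modules/').pop();

function findPinned(lock, range = RANGE) {
  const entries = Object.entries(lock.packages || {});
  // Packages whose own manifest declares the flagged dependency. This is a
  // coarse listing: it does not resolve which nested copy each one receives.
  const requiredBy = entries
    .filter(([, m]) => m.dependencies && range.name in m.dependencies)
    .map(([p, m]) => ({ name: pkgName(p) || lock.name, spec: m.dependencies[range.name] }));
  return entries
    .filter(([p, m]) => pkgName(p) === range.name && m.version &&
      cmp(m.version, range.min) >= 0 && cmp(m.version, range.max) <= 0)
    .map(([p, m]) => ({ path: p, version: m.version, requiredBy }));
}

// Constructed sample lock file (not taken from the jsonlint repository).
const sampleLock = {
  name: 'jsonlint',
  lockfileVersion: 2,
  packages: {
    '': { name: 'jsonlint', dependencies: { nomnom: '^1.8.1' } },
    'node_modules/nomnom': { version: '1.8.1', dependencies: { underscore: '~1.6.0' } },
    'node_modules/underscore': { version: '1.6.0' },
  },
};

console.log(JSON.stringify(findPinned(sampleLock), null, 2));
```

For a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and run the script before and after regenerating the lock file.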