You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 26, 2019. It is now read-only.
For the following npm vulnerability audit report, is our only option to wait for the deep-extend package to get fixed/updated?
Note: When I upgraded to [email protected], the number of deep-extend vulnerabilities went from 11 down to 9 (while all the randomatic vulnerabilities resolved and went away).
The below audit item is the 2nd of the 9 remaining vulnerabilities (post the 3.0.0 upgrade)... all of the 9 reference paths are noted below this one example audit item.
As a follow-up, I created a brand new create-react-app test1 --scripts-version=react-scripts-ts. I'm glad to report that although it also yielded the same 9 vulnerabilities, once committed, GitHub did not throw the alert that it did with the hoek dependency vulnerability. Primary concern defused. Cheers!
For the following
npm
vulnerability audit report, is our only option to wait for thedeep-extend
package to get fixed/updated?Note: When I upgraded to
[email protected]
, the number ofdeep-extend
vulnerabilities went from 11 down to 9 (while all therandomatic
vulnerabilities resolved and went away).The below audit item is the 2nd of the 9 remaining vulnerabilities (post the 3.0.0 upgrade)... all of the 9 reference paths are noted below this one example audit item.
Insights welcome! 😄
Thanks!!
The text was updated successfully, but these errors were encountered: