npm install reports 7 high severity vulnerabilities #3181
Comments
This seems like a general problem with NPM right? Do you know of things we can do to address this @cpettitt-confluent?
I can take a look. The immediate solution would be to pin to safer versions (particularly of lodash, IIRC). But generally, npm is a risk and it doesn't seem to be buying us a lot. It also flagged a valid commit message "feat: Add SHOW TOPICS EXTENDED" because I used uppercase words. It might be better to just pull this recommendation from CONTRIBUTING or provide a custom tool written in Java or Python if we see value here. It's not actually used to validate commits because I was able to commit with the message above.
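As an added example (not the ksql project's code and not posted in this thread), a small Node script that reads `npm audit --json` output and fails a CI step while any high or critical advisory remains, listing the patched range each package should be pinned to, in the spirit of the pinning suggested above. It assumes the npm 6 report layout (an `advisories` object whose entries carry `module_name`, `severity`, `patched_versions` and `findings`); the sample report embedded in it is constructed.

```javascript
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Return the advisories at or above `threshold`, with the range to pin to.
// `report` is assumed to be npm 6 `npm audit --json` output: an "advisories"
// object keyed by advisory id, each entry carrying module_name, severity,
// patched_versions and findings[].paths.
function blockingAdvisories(report, threshold = 'high') {
  const minRank = SEVERITY_RANK[threshold];
  if (minRank === undefined) throw new Error(`unknown severity: ${threshold}`);
  return Object.values(report.advisories || {})
    .filter(a => (SEVERITY_RANK[a.severity] ?? -1) >= minRank)
    .map(a => ({
      module: a.module_name,
      severity: a.severity,
      title: a.title,
      // npm reports "<0.0.0" when no patched release exists.
      pinTo: a.patched_versions === '<0.0.0' ? null : a.patched_versions,
      // Dependency chains through which the vulnerable version is pulled in.
      paths: (a.findings || []).flatMap(f => f.paths),
    }));
}

// Exit status for a CI step: 1 while any blocking advisory remains.
function auditExitCode(report, threshold = 'high') {
  return blockingAdvisories(report, threshold).length === 0 ? 0 : 1;
}

// Constructed sample report (ids, versions, ranges, titles and paths are
// made up for illustration; only the package name lodash comes from the thread).
const SAMPLE_REPORT = {
  advisories: {
    '1': { module_name: 'lodash', severity: 'high', title: 'Prototype Pollution (constructed)',
           patched_versions: '>=4.17.12',
           findings: [{ version: '4.17.11', paths: ['@commitlint/cli>lodash'] }] },
    '2': { module_name: 'example-pkg', severity: 'low', title: 'ReDoS (constructed)',
           patched_versions: '>=2.0.0', findings: [{ version: '1.0.0', paths: ['example-pkg'] }] },
    '3': { module_name: 'no-fix-pkg', severity: 'critical', title: 'Unpatched (constructed)',
           patched_versions: '<0.0.0', findings: [{ version: '0.1.0', paths: ['a>no-fix-pkg'] }] },
  },
};

// Usage: npm audit --json > audit.json && node audit-gate.js audit.json
// With no argument the constructed sample above is evaluated instead.
const reportPath = process.argv[2];
const report = reportPath ? JSON.parse(require('fs').readFileSync(reportPath, 'utf8')) : SAMPLE_REPORT;
console.log(JSON.stringify(blockingAdvisories(report), null, 2));
if (reportPath) process.exitCode = auditExitCode(report);
```

The default threshold of `high` mirrors the "7 high severity vulnerabilities" this issue reports; a `null` `pinTo` flags a package that can only be fixed by removing or replacing it.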
Fixes confluentinc#3181

Prior to this change:

```
% npm install
npm WARN ksql No repository field.
npm WARN ksql No license field.

removed 9 packages, updated 21 packages and audited 453 packages in 1.219s
found 7 high severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details
```

With this change:

```
% npm install
npm WARN ksql No repository field.
npm WARN ksql No license field.

audited 456 packages in 1.027s
found 0 vulnerabilities
```
The CONTRIBUTING.md guide recommends running `npm install` from the root of the KSQL repo to install commitlint. This command reports several high severity vulnerabilities in dependencies, as shown below: