-
Notifications
You must be signed in to change notification settings - Fork 477
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Npm audit throws several vulnerabilities #589
Comments
The risk is very minimal given the fact that the entire point of jscodeshift is to run user-supplied code, but we can bump the dependencies to resolve this issue. |
@Daniel15 Could you bump the version and make patch release ? |
Yes, I'll bump it tomorrow. |
I figured out what happened. #588 bumped the The security warning is not a problem for jscodeshift though, since babel-core v6 is not actually used in jscodeshift. The only reference to I updated that code to use I've published a new package with the babel-core dependency removed as v0.16.1. |
I have installed latest package
"jscodeshift": "^0.16.0",
and executednpm audit
.. it throwsSee detailed errors on
Any can advise on this ?
The text was updated successfully, but these errors were encountered: