trim-newlines is a transitive dependency which is present in a
dependency tree through imagemin-webp and node-sass.
The version of trim-newlines which is referenced by those packages has a
security advisory: https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
Neither imagemin-webp nor node-sass has a version which depends on a patched
version of trim-newlines. And at least node-sass is not maintained any
longer.
Under the current circumstances the only way to fix this is to force
the trim-newlines version via "resolutions". As the interface of the package is
backward compatible and does not break anything, I believe it is the right
thing to do.
eamodio changed the title from "yarn audit fails with 2 high sev vulnerabilities" to "Yarn audit fails with 2 high sev vulnerabilities (dev dependencies only)" on Jul 2, 2021
Steps to Reproduce:
yarn --frozen-lockfile
yarn audit --summary
Actual result:
yarn audit v1.22.10
2 vulnerabilities found - Packages audited: 830
Severity: 2 High
✨ Done in 1.22s.
Expected result:
yarn audit v1.22.10
0 vulnerabilities found - Packages audited: 830
✨ Done in 1.15s.
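One way to confirm that a "resolutions" override like the one described in the commit message actually took effect in yarn.lock, as an added example that is not part of the original issue or commit. The package names parent-a and parent-b, every version number and the 2.0.0 minimum are constructed placeholders; the real minimum comes from the advisory.

```javascript
// Added example. Constructed yarn.lock (v1) sample: names and versions are placeholders.
const SAMPLE_LOCK = `# yarn lockfile v1
parent-a@^1.0.0:
  version "1.2.0"
  dependencies:
    trim-newlines "^1.0.0"

parent-b@^4.0.0:
  version "4.1.0"
  dependencies:
    trim-newlines "^1.0.0"

trim-newlines@^1.0.0:
  version "1.0.0"
`;

// Parse lockfile text into entries of { name, version, deps }.
function parseYarnLock(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {              // header: "pkg@^1.0.0", pkg@~1.2.0:
      const spec = line.replace(/:$/, '').split(',')[0].trim().replace(/^"|"$/g, '');
      cur = { name: spec.slice(0, spec.lastIndexOf('@')), version: null, deps: Object.create(null) };
      entries.push(cur); inDeps = false;
    } else if (cur && /^ {2}\S/.test(line)) { // two-space field of the current entry
      const m = line.match(/^ {2}version "(.+)"$/);
      if (m) cur.version = m[1];
      inDeps = /^ {2}(optionalD|d)ependencies:$/.test(line);
    } else if (cur && inDeps) {               // four-space line: name "range"
      const m = line.match(/^ {4}"?([^"\s]+)"? "?([^"]+)"?$/);
      if (m) cur.deps[m[1]] = m[2];
    }
  }
  return entries;
}

// Compare plain x.y.z versions (-1, 0, 1); pre-release tags are not handled.
const cmp = (a, b) => a.split('.').map(Number).reduce((r, n, i) => r || Math.sign(n - Number(b.split('.')[i])), 0);

// Report which packages pull in `target` and which locked versions are below minVersion.
function auditTransitive(lockText, target, minVersion) {
  const entries = parseYarnLock(lockText);
  const dependents = entries.filter(e => target in e.deps)
    .map(e => `${e.name}@${e.version} -> ${target}@${e.deps[target]}`);
  const stale = entries.filter(e => e.name === target && cmp(e.version, minVersion) < 0).map(e => e.version);
  return { dependents, stale, ok: stale.length === 0 };
}
```

With yarn v1, a working override leaves the requested range in the entry header unchanged and only raises its `version` line, so the check compares locked versions rather than ranges.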