-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerabilities reported by nsp #49
Comments
so it looks like we just need to update handlebars. I'm not sure what the ramifications of that will be, I'll have to do some poking around, but that's good to know. |
Is this related to minimatch? I can see that koa-hbs's depends on a very outdated version of glob, which in turn depends on an outdated version of minimatch (0.3.0). When npm installing, I get the following warning:
Can we update just that for now? I'm passing in my own handlebars instance. |
this week is a little nuts because of the short workweek. a PR that passes tests would be welcome, otherwise it may have to wait until this weekend/next week. |
Sure, I can check that. |
There you go 😄 |
As of 0.9.0 (pending release) nsp reports no vulnerabilities found. |
Hi Guys
Ive been running nsp on some of my apps and nsp is reporting 3 vulnerabilities in the dependencies
The text was updated successfully, but these errors were encountered: