We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
On cd assets && npm install, npm informs you of vulnerabilities which are shipped with the current dependencies:
cd assets && npm install
=== npm audit security report === # Run npm install --save-dev css-loader@2.1.1 to resolve 1 vulnerability SEMVER WARNING: Recommended action is a potentially breaking change ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Moderate │ Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ js-yaml │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ css-loader [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ css-loader > cssnano > postcss-svgo > svgo > js-yaml │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/788 │ └───────────────┴──────────────────────────────────────────────────────────────┘ # Run npm install --save-dev optimize-css-assets-webpack-plugin@5.0.1 to resolve 1 vulnerability SEMVER WARNING: Recommended action is a potentially breaking change ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Moderate │ Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ js-yaml │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ optimize-css-assets-webpack-plugin [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ optimize-css-assets-webpack-plugin > cssnano > postcss-svgo │ │ │ > svgo > js-yaml │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/788 │ └───────────────┴──────────────────────────────────────────────────────────────┘ # Run npm install --save-dev webpack-cli@3.3.0 to resolve 2 vulnerabilities SEMVER WARNING: Recommended action is a potentially breaking change ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Low │ Regular Expression Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ braces │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ webpack-cli [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ webpack-cli > jscodeshift > micromatch > braces │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/786 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Low │ Regular Expression Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ braces │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ webpack-cli [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ webpack-cli > webpack-addons > jscodeshift > micromatch > │ │ │ braces │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/786 │ └───────────────┴──────────────────────────────────────────────────────────────┘ # Run npm update js-yaml --depth 4 to resolve 1 vulnerability ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Moderate │ Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ js-yaml │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ postcss-loader [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ postcss-loader > postcss-load-config > cosmiconfig > js-yaml │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/788 │ └───────────────┴──────────────────────────────────────────────────────────────┘ found 5 vulnerabilities (2 low, 3 moderate) in 16007 scanned packages run `npm audit fix` to fix 1 of them. 4 vulnerabilities require semver-major dependency updates.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
On
cd assets && npm install
, npm informs you of vulnerabilities which are shipped with the current dependencies:The text was updated successfully, but these errors were encountered: