Vulnerabilities in the Dependabot alerts
Closed this issue · 1 comments
beatrizsmerino commented
Hi! I need help to remove these annoying security alerts on the dependencies.
I would like to upgrade the packages to a stable version.
Security Alerts:
- ansi-regex
- nth-check
- set-value
- ansi-html
Many of these alerts indicate this to me:
⚠ Dependabot cannot update set-value to a non-vulnerable version
I don't know if I should:
- update the stable version you indicate me, manually in the
package-lock.jsonfile. - Install it as a dependency so that it appears in the
package.jsonfile withnpm install. - Search for a more stable version of the package or its dependencies.
I appreciate any PR and advice
beatrizsmerino commented
Found vulnerabilities on the dependencies
Running the command npm audit in the terminal returns a list with 'Some vulnerabilities require your attention to resolve':
Package ansi-regex
Package nth-check
Package set-value
Package ansi-html
Package glob-parent
