NSP Security Alert for Dependency
Closed this issue · 1 comments
apowers313 commented
When using this module, nsp complains that there is a dependency that has a security hole:
generator-fido-release@0.0.0 > gulp-html-pdf@0.2.0 > html-pdf@1.5.0 > phantomjs@1.9.19 > request@2.42.0 > hawk@1.1.1
has a Regular Expression Denial of Service
It looks like the latest version of html-pdf has the latest version of phantomjs which ultimately fixes the insecure hawk dependency. Would it be possible to bump the html-pdf dependency in package.json to the latest version (2.0.0)?
jacoblane commented
Bumped to 2.0.0.
Thanks.