mapbox/tokml

Vulnerability with dependencies

Opened this issue · 1 comments

I'm getting these problems when using the module. Not sure if it can be fixed by just updating to the latest modules or if that would break something.

Manual Review
Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance

High Regular Expression Denial of Service

Package minimatch

Patched in >=3.0.2

Dependency of tokml

Path tokml > strxml > tap > glob > minimatch

More info https://nodesecurity.io/advisories/118

Low Incorrect Handling of Non-Boolean Comparisons During Minification

Package uglify-js

Patched in >= 2.4.24

Dependency of tokml

Path tokml > strxml > tap > runforcover > bunker > burrito > uglify-js

More info https://nodesecurity.io/advisories/39

Low Regular Expression Denial of Service

Package uglify-js

Patched in >=2.6.0

Dependency of tokml

Path tokml > strxml > tap > runforcover > bunker > burrito > uglify-js

More info https://nodesecurity.io/advisories/48

found 3 vulnerabilities (2 low, 1 high) in 3335 scanned packages
3 vulnerabilities require manual review. See the full report for details

I just realised there's work being done here: #31