nelsonic/github-scraper

npm audit found 2 high severity vulnerabilities

nelsonic opened this issue · 2 comments

While adding to the docs, I removed the dependencies and re-installed them:

```
$ rm -rf node_modules/
$ npm install

> pre-commit@1.2.2 install /Users/n/code/github-scraper/node_modules/pre-commit
> node install.js

pre-commit:
pre-commit: Detected an existing git pre-commit hook
pre-commit: Old pre-commit hook backuped to pre-commit.old
pre-commit:

> spawn-sync@1.0.15 postinstall /Users/n/code/github-scraper/node_modules/spawn-sync
> node postinstall

added 162 packages from 177 contributors and audited 265 packages in 4.121s
found 2 high severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details
```

I think it's because the version of Cheerio we are using is kinda "old".
https://david-dm.org/nelsonic/github-scraper

We're using the "stable" version as opposed to the release candidate ...
but it appears to be using older dependencies and hasn't been updated ...

Going to try and update Cheerio to 1.0.0-rc.3 and see if anything "breaks".

Only one parser fails after updating to cheerio@1.0.0-rc.3 ... 🎉
Going to publish a new version of the package with the latest Cheerio. :shipit:

github-scraper@6.8.0 on NPM uses the latest Cheerio and no longer has an npm audit warning.