renato-bohler/redux-form-input-masks

Potential vulnerability on examples project's dependencies

Closed this issue · 1 comment

What are you reporting?

  • Bug
  • Feature request
  • Code refactor
  • Continuous Integration (CI) improvement
  • Changes in documentation (docs)
  • Other (describe): dependency vulnerability

What is the current behavior?

The examples project has a devDependency that depends indirectly on ssri@5.0.0. A potential security vulnerability was found for ssri at versions less than 5.2.2.

What is the expected behavior?

We shouldn't have any dependency - even devDependencies for the examples project - that contains potential security vulnerabilities.

Other information

The examples project has uglifyjs-webpack-plugin@1.1.8 as a devDependency, which depends on cacache@10.0.1, which in turn depends on ssri@5.0.0. The remediation recommended by Node Security Platform is to upgrade to version 5.2.2 or later. uglifyjs-webpack-plugin@1.2.3 depends on cacache@10.0.4, which depends on ssri@5.2.4, so upgrading uglifyjs-webpack-plugin would solve the problem.
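As an added example (not code from this issue or from the redux-form-input-masks project), the check below walks a package-lock.json v1 style `dependencies` tree and reports every path that reaches ssri below the fixed version 5.2.2. The two lockfile fragments are constructed to mirror the before/after chains described above; `version` and `dependencies` are the real lockfile v1 field names.

```javascript
// Added example: find transitive paths to a vulnerable package version in a
// package-lock v1 style tree. Lockfile fragments below are constructed, not
// taken from the project.

// Minimal comparison for plain "x.y.z" versions: <0, 0 or >0 like strcmp.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Depth-first walk over nested "dependencies" maps (lockfile v1 shape).
// Top-level entries are walked too, so a hoisted vulnerable package is found.
// Returns strings such as "uglifyjs-webpack-plugin@1.1.8 > cacache@10.0.1 > ssri@5.0.0".
function findVulnerablePaths(lock, target, fixedIn) {
  const hits = [];
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(`${name}@${meta.version}`);
      if (name === target && compareVersions(meta.version, fixedIn) < 0) {
        hits.push(here.join(' > '));
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed fragment matching the chain reported in the issue.
const beforeUpgrade = { dependencies: {
  'uglifyjs-webpack-plugin': { version: '1.1.8', dependencies: {
    cacache: { version: '10.0.1', dependencies: {
      ssri: { version: '5.0.0' } } } } } } };

// Constructed fragment matching the chain after the recommended upgrade.
const afterUpgrade = { dependencies: {
  'uglifyjs-webpack-plugin': { version: '1.2.3', dependencies: {
    cacache: { version: '10.0.4', dependencies: {
      ssri: { version: '5.2.4' } } } } } } };

console.log(findVulnerablePaths(beforeUpgrade, 'ssri', '5.2.2'));
console.log(findVulnerablePaths(afterUpgrade, 'ssri', '5.2.2'));
```

Running the same walk over a real lockfile (`JSON.parse` of package-lock.json) gives the full list of chains that still need an upgrade, which is handy for confirming a fix like the one in this issue before cutting a release.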

🎉 This issue has been resolved in version 0.4.1 🎉

The release is available on:

Your semantic-release bot 📦🚀