Potential vulnerability on examples project's dependencies
Closed this issue · 1 comment
What are you reporting?
- Bug
- Feature request
- Code refactor
- Continuous Integration (CI) improvement
- Changes in documentation (docs)
- Other (describe): dependency vulnerability
What is the current behavior?
The examples project has a devDependency that depends indirectly on ssri@5.0.0. A potential security vulnerability was found for ssri at versions less than 5.2.2.
What is the expected behavior?
We shouldn't have any dependency - even devDependencies for the examples project - that contains potential security vulnerabilities.
Other information
The examples project has uglifyjs-webpack-plugin@1.1.8 as a devDependency, which depends on cacache@10.0.1, which then depends on ssri@5.0.0. Remediation recommended by Node Security Platform is to upgrade to version 5.2.2 or later. uglify-webpack-plugin@1.2.3 depends on cacache@10.0.4, which depends on ssri@5.2.4, so upgrading uglify-webpack-plugin would solve the problem.
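Added example, not part of the original issue or the project's own code: a small Node.js script that walks a lockfile and reports the chain from a direct dependency down to any installed copy of a package below its fixed version, which is the check described above. It assumes the nested `dependencies`/`requires` layout of npm's `lockfileVersion: 1`; the sample lockfile, its `requires` ranges, and the names `findChains`, `resolve` and `lessThan` are constructed for illustration.

```javascript
// Constructed lockfile fragment (npm lockfileVersion 1 shape), versions taken from the issue.
const lock = {
  dependencies: {
    'uglifyjs-webpack-plugin': { version: '1.1.8', dev: true, requires: { cacache: '^10.0.1' } },
    cacache: { version: '10.0.1', dev: true, requires: { ssri: '^5.0.0' } },
    ssri: { version: '5.0.0', dev: true },
  },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Numeric x.y.z comparison; pre-release tags are ignored (simplification).
function lessThan(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('-')[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Resolve a name like Node does: the innermost enclosing install wins.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (has(scopes[i], name)) return { entry: scopes[i][name], scopes: scopes.slice(0, i + 1) };
  }
  return null; // optional or missing dependency
}

// Return one chain per direct dependency and vulnerable installed copy of `target`.
function findChains(lockfile, direct, target, fixedIn) {
  const chains = [];
  const root = lockfile.dependencies || {};
  for (const top of direct) {
    const seen = new Set(); // installed entries already expanded (also breaks cycles)
    const walk = (name, scopes, path) => {
      const hit = resolve(name, scopes);
      if (!hit || seen.has(hit.entry)) return;
      seen.add(hit.entry);
      const here = [...path, `${name}@${hit.entry.version}`];
      if (name === target && lessThan(hit.entry.version, fixedIn)) chains.push(here.join(' > '));
      const nested = hit.entry.dependencies;
      const inner = nested ? [...hit.scopes, nested] : hit.scopes;
      for (const dep of Object.keys(hit.entry.requires || {})) walk(dep, inner, here);
    };
    walk(top, [root], []);
  }
  return chains;
}

console.log(findChains(lock, ['uglifyjs-webpack-plugin'], 'ssri', '5.2.2'));
```

Running the same function against the lockfile after the upgrade should return an empty list; a non-empty result means a nested copy of the old version is still installed somewhere in the tree.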
🎉 This issue has been resolved in version 0.4.1 🎉
The release is available on:
Your semantic-release bot 📦🚀