Security vulnerability in dependency

Question

Security vulnerability in dependency

Opened this issue 5 years ago · 3 comments

I'm using this plugin. NPM is complaining about a vulnerability in one of the dependencies of this package.

  Low             Regular Expression Denial of Service

  Package         braces

  Patched in      >=2.3.1

  Dependency of   gatsby-source-apiserver

Answer 1 · 2019-11-29T03:08:20.000Z

@jessevdp can you have a PR to fix that?

Answer 2 · 2019-12-10T07:54:37.000Z

Maybe enable dependabot? This GitHub help article should cover it: "Configuring automated security updates". That way you'll always get a PR for dependency updates that patch security vulnerabilities. No need for anyone to do a manual PR.

(Sorry for the delay)

Answer 3 · 2019-12-10T09:05:55.000Z

that sound good, thanks @jessevdp