Security vulnerability in dependency
Opened this issue · 3 comments
jessevdp commented
I'm using this plugin. NPM is complaining about a vulnerability in one of the dependencies of this package.
Low           | Regular Expression Denial of Service
Package       | braces
Patched in    | >=2.3.1
Dependency of | gatsby-source-apiserver
thinhle-agilityio commented
@jessevdp can you have a PR to fix that?
jessevdp commented
Maybe enable dependabot? This GitHub help article should cover it: "Configuring automated security updates". That way you'll always get a PR for dependency updates that patch security vulnerabilities. No need for anyone to do a manual PR.
(Sorry for the delay)
thinhle-agilityio commented
That sounds good, thanks @jessevdp