-
-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
node module vulnerabilities #889
Comments
I can probably pick up a fix for some of these |
Having looked at this, we would probably have to move these to our own modules and begin fixing from there. There hasn't been fixes upstream for much of this. |
It looks like we need to fix lodash and minimist? Is there any chance of being able to fix these and push them upstream or do we need our own repos? |
I don't think lodash and minimist are the problems. I am concerned about the packages using them updating. We may have to fork them to do so. |
Are you talking about honkit, itself? |
exactly. You can read the Path part of the table above to find what dependency chain it exists under |
Installing node modules with
npm install
gives the following output:and
npm audit
gives the following output:The text was updated successfully, but these errors were encountered: