You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, Github warns:
"We found a potential security vulnerability in one of your dependencies.
The mustache dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 2.2.1 and should be updated."
mustache is in the dependency graph for markdown-to-slides, which hasn't had an update in a year (and hasn't addressed any of its issues or PRs since). So the solution to this must either be to find an alternative to markdown-to-slides, or to somehow force npm to install an upgraded version of mustache. I think the latter is possible using npm shrinkwrap (https://nodejs.org/en/blog/npm/managing-node-js-dependencies-with-shrinkwrap/) to avoid a lot of work for a vulnerability that probably can't be exploited in learn-git.
Would you be amenable to a PR that adds a npm-shrinkwrap.json file?
The text was updated successfully, but these errors were encountered:
Currently, Github warns:
"We found a potential security vulnerability in one of your dependencies.
The mustache dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 2.2.1 and should be updated."
mustache is in the dependency graph for markdown-to-slides, which hasn't had an update in a year (and hasn't addressed any of its issues or PRs since). So the solution to this must either be to find an alternative to markdown-to-slides, or to somehow force npm to install an upgraded version of mustache. I think the latter is possible using npm shrinkwrap (https://nodejs.org/en/blog/npm/managing-node-js-dependencies-with-shrinkwrap/) to avoid a lot of work for a vulnerability that probably can't be exploited in learn-git.
Would you be amenable to a PR that adds a npm-shrinkwrap.json file?
The text was updated successfully, but these errors were encountered: