You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thank you for this wonderful package that I use on a Nova project.
I have noticed through by CI security pipeline that some npm packages are outdated and have vulnerabilities :
> grype --only-fixed -o table dir:./
✔ Vulnerability DB [no update available]
✔ Indexed file system .
✔ Scanned for vulnerabilities [6 vulnerability matches]
├── by severity: 1 critical, 1 high, 4 medium, 0 low, 0 negligible
└── by status: 6 fixed, 0 not-fixed, 0 ignored
[0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
@babel/traverse 7.21.4 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
axios 0.27.2 1.6.0 npm GHSA-wf5p-g6vw-rhxx Medium
browserify-sign 4.2.1 4.2.2 npm GHSA-x9w5-v3q2-3rhw High
postcss 8.4.22 8.4.31 npm GHSA-7fh5-64p2-3v2j Medium
semver 6.3.0 6.3.1 npm GHSA-c2qf-rxjj-qqgw Medium
semver 7.5.0 7.5.2 npm GHSA-c2qf-rxjj-qqgw Medium
Would it be possible to update the PHP/JS dependencies ? Otherwise, I'll have to fork the repository.
The text was updated successfully, but these errors were encountered:
Hello,
Thank you for this wonderful package that I use on a Nova project.
I have noticed through by CI security pipeline that some npm packages are outdated and have vulnerabilities :
Would it be possible to update the PHP/JS dependencies ? Otherwise, I'll have to fork the repository.
The text was updated successfully, but these errors were encountered: