
Several security vulnerabilities detected

Open altany opened this issue 5 years ago • 4 comments

Do you want to request a feature or report a bug? Bug

What is the current behavior? There are 3 security vulnerabilities reported by GitHub: ws, mem and braces.

There is already one issue open for each package, and two of them have pull requests.

  • ws #413 (pull request: #412)
  • mem #414 (pull request: #438)
  • braces #358

Can you please look into these issues, because GitHub has notified us of severe vulnerabilities in them?

altany avatar Sep 11 '19 11:09 altany

@motiz88 please could these PRs be included in the next release so that we can resolve the security alerts that many projects are now receiving?

timglass avatar Sep 25 '19 08:09 timglass

Any update on this?

baconcheese113 avatar Oct 22 '19 17:10 baconcheese113

New project using expo-cli but I see this is happening when people are using official cli too. Same usage of outdated packages that have vulnerabilities, even after 10 or so weeks.

Have tried:

  • changing package.json and updating package (mem)
  • keeping original package.json and updating mem
  • using npm-package-update package, which shows several of the main packages (e.g. react and react-native) as outdated.

Updating anything breaks the app. GitHub screams about vulns. The PRs in the op's (@altany) post don't seem to have either been merged or work.

Is this a problem only affecting a tiny minority of users? I'd rather use Vue and Vue-Native but it means having to try to change minds.

PatrickLohan avatar Nov 29 '19 06:11 PatrickLohan

Status?

brodycj avatar Apr 09 '21 18:04 brodycj