videojs-http-source-selector

Minor issue: NPM Audit

Open stevendesu opened this issue 5 years ago • 0 comments

I just got around to making a pull request but was beaten to the punch by @leonklingele.

In the process of forking, cloning, NPM installing, and starting to work, I noticed the following from npm audit:

found 321 vulnerabilities (3 low, 2 moderate, 314 high, 2 critical) in 11672 scanned packages
  run `npm audit fix` to fix 318 of them.
  3 vulnerabilities require manual review. See the full report for details.

Running npm audit fix updates jsdoc from ^3.4.3 to ^3.6.3 and resolves 318 of the issues.

The remaining 3 issues are all "low" severity and all derive from the braces sub-dependency (used by both qunitjs and rollup-watch). Since they're both pulling in braces from micromatch, it may make more sense for micromatch to update those? I'm not entirely sure what the process is when a sub-dependency has a security issue like that.

stevendesu Dec 03 '19 20:12
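Added example, not part of the original issue or the project's code: one way to see which direct dependencies drag in a flagged transitive package, and which package sits immediately above it and would have to raise its version range. It walks a tree in the nested `dependencies` shape that `npm ls --json` prints; the sample tree, its `0.0.0` versions and the function names are constructed for illustration.

```javascript
// Constructed sample in the shape of `npm ls --json` output.
// Versions are placeholders, not the project's real resolved versions.
const sampleTree = {
  name: "example-project",
  dependencies: {
    jsdoc: { version: "0.0.0", dependencies: { marked: { version: "0.0.0" } } },
    qunitjs: { version: "0.0.0", dependencies: {
      micromatch: { version: "0.0.0", dependencies: {
        braces: { version: "0.0.0" } } } } },
    "rollup-watch": { version: "0.0.0", dependencies: {
      micromatch: { version: "0.0.0", dependencies: {
        braces: { version: "0.0.0" } } } } },
  },
};

// Return every dependency path (array of package names) that ends at `target`.
function findPaths(node, target, trail = []) {
  const paths = [];
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    const next = [...trail, name];
    if (name === target) paths.push(next);
    // Keep descending: the same package can appear again deeper in the tree.
    paths.push(...findPaths(child, target, next));
  }
  return paths;
}

// Summarize who is responsible for the flagged package:
//  - directDeps: entries in this project's package.json that lead to it
//  - immediateParents: packages whose own dependency range pins it
function summarize(tree, target) {
  const paths = findPaths(tree, target);
  const uniq = (xs) => [...new Set(xs)].sort();
  return {
    paths: paths.map((p) => p.join(" > ")),
    directDeps: uniq(paths.map((p) => p[0])),
    immediateParents: uniq(
      paths.map((p) => (p.length > 1 ? p[p.length - 2] : "(project root)"))
    ),
  };
}

console.log(summarize(sampleTree, "braces"));
```

When `immediateParents` is a single package shared by several direct dependencies, a fix released by that package (or a newer release of each direct dependency that picks it up) clears all of the paths at once.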