Vulnerability with dependencies

I'm getting these problems when suing the module. Not sure if it can be fixed by just updating to the latest modules or that would break something.

>  Manual Review
>              Some vulnerabilities require your attention to resolve
> 
>           Visit https://go.npm.me/audit-guide for additional guidance
> 
> 
>   High            Regular Expression Denial of Service
> 
>   Package         minimatch
> 
>   Patched in      >=3.0.2
> 
>   Dependency of   tokml
> 
>   Path            tokml > strxml > tap > glob > minimatch
> 
>   More info       https://nodesecurity.io/advisories/118
> 
> 
>   Low             Incorrect Handling of Non-Boolean Comparisons During
>                   Minification
> 
>   Package         uglify-js
> 
>   Patched in      >= 2.4.24
> 
>   Dependency of   tokml
> 
>   Path            tokml > strxml > tap > runforcover > bunker > burrito >
>                   uglify-js
> 
>   More info       https://nodesecurity.io/advisories/39
> 
> 
>   Low             Regular Expression Denial of Service
> 
>   Package         uglify-js
> 
>   Patched in      >=2.6.0
> 
>   Dependency of   tokml
> 
>   Path            tokml > strxml > tap > runforcover > bunker > burrito >
>                   uglify-js
> 
>   More info       https://nodesecurity.io/advisories/48
> 
> found 3 vulnerabilities (2 low, 1 high) in 3335 scanned packages
>   3 vulnerabilities require manual review. See the full report for details

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability with dependencies #36

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability with dependencies #36

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions