npm audit warnings #45

Open
t0lkman opened this issue May 5, 2020 · 3 comments
t0lkman commented May 5, 2020

```
# Run  npm install --save-dev [email protected]  to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

  Low             Incorrect Handling of Non-Boolean Comparisons During
                  Minification

  Package         uglify-js

  Dependency of   ejs-compiled-loader [dev]

  Path            ejs-compiled-loader > uglify-js

  More info       https://npmjs.com/advisories/39


  Low             Regular Expression Denial of Service

  Package         uglify-js

  Dependency of   ejs-compiled-loader [dev]

  Path            ejs-compiled-loader > uglify-js

  More info       https://npmjs.com/advisories/48
```

looks like uglify-js needs to be updated?

t0lkman commented May 5, 2020

OK, I just created another one, which doesn't produce this warning. For whoever is interested, here is the link: https://www.npmjs.com/package/webpack-ejs3-loader

bazilio91 (Owner) commented

It's strange, because the 2.2.0 loader uses uglify-js 2.6.1, which is marked as unaffected prior to https://www.npmjs.com/advisories/39/versions and https://www.npmjs.com/advisories/48/versions. Maybe your lock file is stale, or something else?

t0lkman commented May 20, 2020

I think it's because I had the 1.x version.
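
To check the stale-lock-file theory raised in this thread, the following added example (not code from the issue or from ejs-compiled-loader) lists every uglify-js version pinned in a parsed `package-lock.json` and flags those older than 2.6.1, the version cited above as unaffected. The function names and both sample lock objects are assumptions constructed for illustration.

```javascript
const BASELINE = '2.6.1'; // from the thread: the version cited as unaffected

// Compare plain x.y.z versions numerically; pre-release suffixes are ignored.
function cmp(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// List every copy of `name` pinned in a parsed package-lock.json.
function findResolved(lock, name) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path (not the requirer chain).
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (!p.endsWith('node_modules/' + name)) continue;
      const path = p.split('node_modules/').filter(Boolean)
        .map((s) => s.replace(/\/$/, '')).join(' > ');
      hits.push({ path, version: meta.version });
    }
    return hits;
  }
  // lockfileVersion 1 (npm 6): nested "dependencies" trees.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) hits.push({ path: here.join(' > '), version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Flag pinned copies older than the baseline.
function checkLock(lock, name, baseline) {
  return findResolved(lock, name).map((h) => ({ ...h, belowBaseline: cmp(h.version, baseline) < 0 }));
}

// Constructed sample lock files; the versions in the stale one are made up.
const STALE_LOCK = { lockfileVersion: 1, dependencies: { 'ejs-compiled-loader': {
  version: '1.1.0', dependencies: { 'uglify-js': { version: '2.4.16' } } } } };
const FRESH_LOCK = { lockfileVersion: 2, packages: {
  'node_modules/ejs-compiled-loader': { version: '2.2.0' },
  'node_modules/ejs-compiled-loader/node_modules/uglify-js': { version: '2.6.1' } } };
console.log(checkLock(STALE_LOCK, 'uglify-js', BASELINE), checkLock(FRESH_LOCK, 'uglify-js', BASELINE));
```

Against a real project, pass the result of `JSON.parse` on the project's `package-lock.json` instead of the sample objects.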
