You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Version 16.2.3 of browserify reports 15 vulnerabilities, 14 moderate and 1 high.
I have traced all of these back to two devDependencies and 3 of the unit tests.
The dev dependencies are concat-stream and tap; they just require upversioning.
The unit tests required small modification to make safe calls to Buffer in the Buffer.from() style.
To replicate:
clone down repo and checkout 16.2.3 or master
npm i install --package-lock-only
Try out my pull request to get to zero vulnerabilities and all tests passing with 1 test skipped (evil json test which only runs in windows environment, which I don't have access to).
The text was updated successfully, but these errors were encountered:
Version 16.2.3 of browserify reports 15 vulnerabilities, 14 moderate and 1 high.
I have traced all of these back to two devDependencies and 3 of the unit tests.
The dev dependencies are concat-stream and tap; they just require upversioning.
The unit tests required small modification to make safe calls to Buffer in the Buffer.from() style.
I am opening a corresponding pull request #1899
To replicate:
clone down repo and checkout 16.2.3 or master
npm i install --package-lock-only
Try out my pull request to get to zero vulnerabilities and all tests passing with 1 test skipped (evil json test which only runs in windows environment, which I don't have access to).
The text was updated successfully, but these errors were encountered: