Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilities with npm build on BigSur #9096

Closed
k-eduardo opened this issue May 14, 2021 · 4 comments
Closed

Vulnerabilities with npm build on BigSur #9096

k-eduardo opened this issue May 14, 2021 · 4 comments
Labels
type: support

Comments

@k-eduardo
Copy link

Hi, this is a beautiful project! :=)

I was building this project and found 108 vulnerabilities, with 5 labeled as severe. I was wondering if something has been done within Chart JS to prevent these from being exploited.

Regards!
@etimberg
Copy link
Member

Is this from npm audit?

@k-eduardo
Copy link
Author

Yes, that's correct.

@etimberg
Copy link
Member

I've upgraded dependencies in #9102. Not all of these issues are fixable. The trim dependency is likely difficult to fix according to eslint/eslint-plugin-markdown#186

All of these dependencies come for the build chain, not for the actual library.

@k-eduardo
Copy link
Author

Thanks! Yes, I will be trying to reduce the risk. If a good idea comes up, I'll let you know in a PR. Have a good one!

@kurkle kurkle closed this as completed May 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: support
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@k-eduardo @etimberg @kurkle