You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If growl 1.9.3 will be uploaded to NPM, then we can try to update it, too (see tj/node-growl#81). You cannot use 1.10.* instead.
All the other found vulnerabilities are in dev dependencies.
I know that there is no official LTS support, but I believe that simple publishing a fixed package as 3.5.4 is a good first step to it. Everything is ready, just test (one more time!) and publish.
The text was updated successfully, but these errors were encountered:
Mocha v3.5.3 is recognized as insecure by
npm audit
.I've turned out that updating
debug
dependence from2.6.8
to2.6.9
removes some vulnerabilities.The appropriate patch is here: https://github.com/nickkolok/mocha/tree/v3.5.3-security-fixes
If
growl 1.9.3
will be uploaded to NPM, then we can try to update it, too (see tj/node-growl#81). You cannot use 1.10.* instead.All the other found vulnerabilities are in dev dependencies.
I know that there is no official LTS support, but I believe that simple publishing a fixed package as
3.5.4
is a good first step to it. Everything is ready, just test (one more time!) and publish.The text was updated successfully, but these errors were encountered: