Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update vulnerable dependencies from npm audit report #138

Closed
helen-m-lin opened this issue Feb 15, 2024 · 1 comment · Fixed by #168
Closed

Update vulnerable dependencies from npm audit report #138

helen-m-lin opened this issue Feb 15, 2024 · 1 comment · Fixed by #168
Assignees
@helen-m-lin

Comments

@helen-m-lin
Copy link
Collaborator

helen-m-lin commented Feb 15, 2024
edited
Loading

Describe the bug

  • There are currently 19 vulnerabilities (1 critical, 8 high, 10 moderate) shown from running npm audit
  • There is overlap with GitHub Dependabot alerts, tracked in Resolve GitHub Dependabot vulnerability alerts #137.
  • 5 of 19 vulnerabilities can be fixed using npm audit fix, the remainder require investigation.

To Reproduce
Steps to reproduce the behavior:

  1. Clone the repo and check out dev branch
  2. Run npm audit
  3. Review security vulnerabilities

Expected behavior
All vulnerabilities should be resolved.
@helen-m-lin helen-m-lin mentioned this issue Apr 17, 2024
Merged
@helen-m-lin
Copy link
Collaborator Author

As of Apr 16, there were 9 vulnerabilities from npm audit --production and 21 from general report.

These are addressed in PR #168. All from prod report are addressed. Remaining issues for devDependencies can be ignored (
see previous PR #33 and facebook/create-react-app#11174)

@helen-m-lin helen-m-lin mentioned this issue Apr 17, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@helen-m-lin helen-m-lin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: update dependencies AllenNeuralDynamics/aind-metadata-entry-js
1 participant
@helen-m-lin