-
-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependencies for vulnerabilities, please? #61
Comments
All of the dependencies are using Are there any npm audit complaints that require a major upgrade? |
The report states anything less than 6.2.1 is considered vulnerable. esvu's tar dependency is ^5.0.5. Granted, the sources are probably trusted. Apologies for the delay. |
The good news is a quick perusal of the esvu code (src/common.js) and node-tar's documentation implies the upgrade will be compatible. |
these vulnerabilities don't represent any real world problem so this issue is fairly low on my list, but feel free to open a PR updating the deps to your satisfaction. |
I'm considering using esvu for testing my library across several different JavaScript engines, but I'm concerned about the npm audit report.
The text was updated successfully, but these errors were encountered: