Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerability #459

Closed
jonobr1 opened this issue Apr 21, 2020 · 2 comments · Fixed by #460
Closed

Security Vulnerability #459

jonobr1 opened this issue Apr 21, 2020 · 2 comments · Fixed by #460

Comments

@jonobr1
Copy link
Owner

jonobr1 commented Apr 21, 2020

Screen Shot 2020-04-21 at 3 56 44 PM

@adroitwhiz, looks like one of the dependencies you added requires this package that has a vulnerability. Any thoughts on what this could be / how to fix it?
@adroitwhiz
Copy link
Contributor

adroitwhiz commented Apr 21, 2020
edited
Loading

image

It looks like this is coming from a dev dependency. I've encountered this before and find it quite annoying that GitHub sends you these scary security alerts because there's a vulnerability in the argument parser used by one of your build tools [EDIT: especially when npm audit reports this very vulnerability as "low severity"].

@adroitwhiz adroitwhiz mentioned this issue Apr 21, 2020
Merged
@jonobr1
Copy link
Owner Author

jonobr1 commented Apr 21, 2020

Ahhhh, got it. Thanks for the quick response. That totally makes sense.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update dependencies again adroitwhiz/two.js
2 participants
@jonobr1 @adroitwhiz