Resolve npm package vulnerabilities #2607
Labels
a-CLI
a-DevOps
a-Security
s.UnderDiscussion
The team will evaluate this issue to decide whether it is worth adding
Please confirm that you have searched existing issues in the repo
Yes, I have searched the existing issues
Any related issues?
No response
What is the area that this feature belongs to?
DevOps, Security, CLI
Is your feature request related to a problem? Please describe.
Currently, there are several npm vulnerabilities being reported for MarkBind.
While some warnings are not directly relevant to MarkBind and can be of a lower priority, it is still better to resolve some of these before it potentially snowballs.
Describe the solution you'd like
The npm package manager advises running npm audit fix to automatically fix some of the vulnerabilities, but I am uncertain that this will allow us to resolve the issues properly (e.g. if the solutions suggested go against what we are planning, or if the solution suggested is to directly upgrade packages we are maintaining for other reasons).
Ideally, we should go through the list and resolve the vulnerabilities individually (or even assess whether these are relevant or not). Any suggestions on better approaches are welcome!
Describe alternatives you've considered
No response
Additional context
No response
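One way to review findings individually rather than applying them in bulk is to sort the `npm audit --json` report into buckets by what a fix would require. This is an added example, not code from the issue or from MarkBind; it assumes the npm 7+ report format (`auditReportVersion: 2`), and the function name `triageAudit` and all package names and versions are constructed.

```javascript
// Constructed sample in the shape of `npm audit --json` (npm 7+, auditReportVersion 2).
// Package names, versions and advisory titles are made up for illustration.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': {
      name: 'example-parser', severity: 'high', isDirect: true,
      via: [{ title: 'Constructed advisory A', severity: 'high' }],
      fixAvailable: true,
    },
    'example-bundler': {
      name: 'example-bundler', severity: 'moderate', isDirect: true,
      via: ['example-glob'],
      fixAvailable: { name: 'example-bundler', version: '5.0.0', isSemVerMajor: true },
    },
    'example-glob': {
      name: 'example-glob', severity: 'moderate', isDirect: false,
      via: [{ title: 'Constructed advisory B', severity: 'moderate' }],
      fixAvailable: { name: 'example-bundler', version: '5.0.0', isSemVerMajor: true },
    },
    'example-legacy': {
      name: 'example-legacy', severity: 'low', isDirect: false,
      via: [{ title: 'Constructed advisory C', severity: 'low' }],
      fixAvailable: false,
    },
  },
};

const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];

// Hypothetical helper: sort each finding into a review bucket instead of fixing blindly.
function triageAudit(report) {
  const buckets = { autoFix: [], needsForce: [], noFix: [] };
  for (const v of Object.values(report.vulnerabilities || {})) {
    const fix = v.fixAvailable;
    // `via` mixes advisory objects with names of vulnerable dependencies (strings).
    const advisories = v.via.filter((x) => typeof x === 'object').map((x) => x.title);
    const causedBy = v.via.filter((x) => typeof x === 'string');
    const entry = { name: v.name, severity: v.severity, direct: v.isDirect, advisories, causedBy };
    if (fix === false) buckets.noFix.push(entry);
    else if (fix === true) buckets.autoFix.push(entry);
    // Object form: the fix changes a direct dependency beyond its declared range.
    else buckets.needsForce.push({ ...entry, upgrade: `${fix.name}@${fix.version}`, breaking: fix.isSemVerMajor });
  }
  const rank = (e) => SEVERITY_ORDER.indexOf(e.severity);
  for (const list of Object.values(buckets)) list.sort((a, b) => rank(a) - rank(b));
  return buckets;
}
```

Pass it the parsed output of `npm audit --json`; the `needsForce` and `noFix` buckets are the entries that need a maintainer's decision, since a plain `npm audit fix` does not resolve them.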