Please stop using insecure dependencies. #367
Comments
Tzahi12345
added
meta: good first issue
|
Feel free to put up a PR if you were able to solve most of these issues, I did notice that most of them were related to package-lock.json and so it won't affect the app itself. Will definitely look into this though as it's important. |
|
If you think packages in package-lock.json dont affect the application, I think that says a LOT about the application itself. I’ve sadly enough no time to submit bugreports for all the apps I make Helmcharts for. |
|
Seems like you're right on this one. I thought it just kept track of the history of package versions, rather than locking the current one. There's no need to be combative here, I'm not an expert on this stuff and the point of this is to learn together. You are spot on in that this is a relatively serious issue and I'll make sure to address it soon unless someone beats me to it. |
|
Fixed with the latest merge! |
Some review of this codebase, leads me to conclude it uses a whole bunch of depricated (and thus) insecure dependencies.
Even automated npm audit --fix solves most of the issues.
The text was updated successfully, but these errors were encountered: