found 2 vulnerabilities (1 low, 1 moderate)
takanakahiko opened this issue · comments
This problem is due to superagent-throttle
.
Thanks @takanakahiko, it looks like superagent-throttle has been fixed but not released. I @'d the maintainer and we'll see if they get back to me in a reasonable amount of time. If not, my options are:
- make the dependency a github one instead of an npm one (easy but also ew)
- fork the repo and make the dependency a github one that i can control / make sure doesn't get turned into malware (easyish but also ewish)
- implement my own throttling idk doesn't seem that bad
For you, for the time being, you can clear up the vulnerability in your own project by editing your package-lock.json to have superagent-throttle require superagent@3.8.3 instead of superagent@1.x.x. Then just delete your node modules and reinstall.
Okay! The author just released superagent-throttle@1.0.0 with the fix, and I've committed it to master. Expect emojme@1.5.1 soon.
Thanks!
Sorry for the delay, emojme@1.5.1 is out with superagent-throttle's fix. thanks for your patience!