found 2 vulnerabilities (1 low, 1 moderate)

Question

found 2 vulnerabilities (1 low, 1 moderate)

takanakahiko opened this issue 6 years ago · comments

takanakahiko commented 6 years ago

I get warning found 2 vulnerabilities (1 low, 1 moderate) when running npm i .

Details :

Need to update dependencies.

takanakahiko commented 6 years ago

Thanks!

takanakahiko · Answer 1 · Thu Jan 03 2019 20:46:38 GMT+0800 (China Standard Time)

This problem is due to superagent-throttle.

leviwheatcroft/superagent-throttle#13

Jack Ellenberger · Answer 2 · Fri Jan 04 2019 02:12:27 GMT+0800 (China Standard Time)

Thanks @takanakahiko, it looks like superagent-throttle has been fixed but not released. I @'d the maintainer and we'll see if they get back to me in a reasonable amount of time. If not, my options are:

make the dependency a github one instead of an npm one (easy but also ew)
fork the repo and make the dependency a github one that i can control / make sure doesn't get turned into malware (easyish but also ewish)
implement my own throttling idk doesn't seem that bad

For you, for the time being, you can clear up the vulnerability in your own project by editing your package-lock.json to have superagent-throttle require superagent@3.8.3 instead of superagent@1.x.x. Then just delete your node modules and reinstall.

Jack Ellenberger · Answer 3 · Fri Jan 04 2019 07:12:15 GMT+0800 (China Standard Time)

Okay! The author just released superagent-throttle@1.0.0 with the fix, and I've committed it to master. Expect emojme@1.5.1 soon.

Jack Ellenberger · Answer 4 · Sun Jan 13 2019 00:04:37 GMT+0800 (China Standard Time)

Sorry for the delay, emojme@1.5.1 is out with superagent-throttle's fix. thanks for your patience!