ngneat / svg-icon

👻 A lightweight library that makes it easier to use SVG icons in your Angular Application

Home Page:https://netbasal.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Audit fails because of an underlying dependency

BlindDespair opened this issue · comments

I'm submitting a...


[ ] Regression (a behavior that used to work and stopped working in a new release)
[x] Bug report  
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request
[ ] Other... Please describe:

Current behavior

One of the deep dependencies makes npm audit fail in our projects. Please see the screenshot
image
The dependency name is ini and it's pulled by schematics

Expected behavior

npm audit should not fail

Minimal reproduction of the problem with instructions

Install 3.2.0 version of svg-icon and run npm audit

What is the motivation / use case for changing the behavior?

Our CI is failing because of this and for now we have to remove audit from it, but we would like to keep it in the future.

Environment


Angular CLI: 12.2.1
Node: 14.17.5
Package Manager: npm 6.14.14
OS: darwin x64

Angular: 12.2.1
... animations, cdk, cli, common, compiler, compiler-cli, core
... forms, material, platform-browser, platform-browser-dynamic
... router

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1201.4
@angular-devkit/build-angular   12.1.4
@angular-devkit/core            12.2.3
@angular-devkit/schematics      8.3.29
@schematics/angular             12.2.1
rxjs                            6.6.7
typescript                      4.3.5


Browser:
- [ ] Chrome (desktop) version XX
- [ ] Chrome (Android) version XX
- [ ] Chrome (iOS) version XX
- [ ] Firefox version XX
- [ ] Safari (desktop) version XX
- [ ] Safari (iOS) version XX
- [ ] IE version XX
- [ ] Edge version XX
 
For Tooling issues:
- Node version: 14.17.5  
- Platform: All  

Others:

You're welcome to submit a PR with a fix.