nsp fails notifme-sdk due to https://nodesecurity.io/advisories/534
mikiwiik opened this issue · comments
The current (1.4.0) notifme-sdk is caught by nsp due to https://nodesecurity.io/advisories/534
For sure, the root cause is node-gcm, but notifme-sdk get the nsp blame :-)
npm i nsp
nsp check --output summary
(+) 1 vulnerabilities found
Name Installed Patched Path More Info
debug 0.8.1 >= 2.6.9 < 3.0.0 || >= 3.1.0 notifme-sdk@1.4.0 > node-pushnotifications@1.0.18 > node-gcm@0.14.6 > debug@0.8.1 https://nodesecurity.io/advisories/534
The problem also comes from node-apn
https://github.com/node-apn/node-apn/pull/595/files.
Thanks for the notice, I'll update as soon as a new version is available!
For reference: appfeel/node-pushnotifications#63
Seems to be alright now:
npx nsp check
(+) No known vulnerabilities found
Anyway I activated Greenkeeper to upgrade dependencies automatically (#26)