how to deal with vulnerabilities? #1
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I'm quite new to npm, but releasing a site knowing in advance about its vulerabilities doesn't sound good.
I noticed that npm audit reports 21 vulnerabilities (8 moderate, 13 high), some of them seems were fixed, while others not, here's the report:
@schatz do you know how to address these?
As a starting point, I have updated to docusaurus v2.2.0 and run 'npm audit fix' that resulted in resolving some of the vulnerabilities.
Relevant PR: #16
However, others persist; so I do not close this issue. I have to take a closer look.
As far as I understand, this is a known issue: https://github.com/facebook/docusaurus/issues/6394
In their response, they state that those vulnerabilities occur only during the building process and the client is not affected.
Also tried to use
ncu
as mentioned here: https://stackoverflow.com/a/59158899/6938911But it seems to break the building process.
@claudio.atzori these vulnerabilities seem to refer to building process of the docunentation as mentioned in https://github.com/facebook/docusaurus/issues/6394#issuecomment-1015942459, therefore the client appliction is not affected. So, should we close this issue?