Package dependency triggers NPM advisory (1696) #1934

Open
ozamarripa opened this issue May 12, 2021 · 1 comment

@ozamarripa

Describe the bug
npm audit triggers an advisory from a tertiary dependency.

{
  "action": "review",
  "module": "json-pointer",
  "resolves": [
    {
      "id": 1696,
      "path": "dredd>gavel>json-pointer",
      "dev": true,
      "optional": false,
      "bundled": false
    }
  ]
}

To Reproduce
Run npm audit and observe vulnerability ID is listed

Expected behavior
npm audit should not list any vulnerabilities tied to this package (or its dependencies)

What is in your dredd.yml?

N/A

What's your dredd --version output?

N/A

Does dredd --loglevel=debug uncover something?

N/A

Can you send us failing test in a Pull Request?

N/A

@ansonliao

I also ran into the vulnerability issue with dredd from npm. When I run npm audit fix --force, the command downgrades my dredd version to 5.3.0, but the dredd version I am running is 14.0. Any idea how to fix the problem?
