This repository has been archived by the owner on Nov 8, 2024. It is now read-only.

Package dependency triggers NPM advisory (1696) #1934

Open
ozamarripa opened this issue May 12, 2021 · 1 comment

Comments

@ozamarripa

Describe the bug
npm audit triggers an advisory from a tertiary dependency.

{
  "action": "review",
  "module": "json-pointer",
  "resolves": [
    {
      "id": 1696,
      "path": "dredd>gavel>json-pointer",
      "dev": true,
      "optional": false,
      "bundled": false
    }
  ]
}

To Reproduce
Run npm audit and observe vulnerability ID is listed

Expected behavior
npm audit should not list any vulnerabilities tied to this package (or its dependencies)

What is in your dredd.yml?

N/A

What's your dredd --version output?

N/A

Does dredd --loglevel=debug uncover something?

N/A

Can you send us failing test in a Pull Request?

N/A

@ansonliao

I also hit the vulnerability issue with dredd from npm. When I run npm audit fix --force, the command downgrades my dredd version to 5.3.0, and my running dredd version is 14.0. Any idea how to fix the problem?
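For anyone triaging the same report: the following is an added example, not part of the issue or of the dredd project, showing how the `actions` entries quoted above can be split into findings per dependency chain so a dev-only transitive advisory is tracked without forcing a downgrade. The function names, the second sample entry and the gating policy are assumptions made for illustration.

```javascript
// Added example: triage npm audit "actions" entries of the shape quoted in the issue.
// First entry is copied from the issue; the second is constructed for contrast.
const sampleActions = [
  {
    action: "review",
    module: "json-pointer",
    resolves: [
      { id: 1696, path: "dredd>gavel>json-pointer", dev: true, optional: false, bundled: false },
    ],
  },
  {
    action: "review",
    module: "example-lib", // constructed placeholder, not a real finding
    resolves: [
      { id: 9999, path: "example-dep>example-lib", dev: false, optional: false, bundled: false },
    ],
  },
];

// Flatten actions into one finding per (advisory id, dependency path).
function triage(actions) {
  const findings = [];
  for (const a of actions) {
    for (const r of a.resolves || []) {
      const chain = String(r.path).split(">");
      findings.push({
        advisory: r.id,
        module: a.module,
        direct: chain[0],        // the package named in your own package.json
        depth: chain.length - 1, // 0 = direct, 2 = "tertiary" as in the issue
        devOnly: r.dev === true,
        // "review" means npm has no automatic fix to offer; for a transitive
        // module the fix has to come from a package higher up the chain.
        needsUpstreamFix: a.action === "review" && chain.length > 1,
      });
    }
  }
  return findings;
}

// Hypothetical policy: block the build only on findings that reach production installs.
function gate(findings) {
  return {
    blocking: findings.filter((f) => !f.devOnly),
    informational: findings.filter((f) => f.devOnly),
  };
}

const result = gate(triage(sampleActions));
console.log(JSON.stringify(result, null, 2));
```

With the issue's entry, advisory 1696 lands under `informational` with `direct` set to `dredd` and `depth` 2, which is the information needed to decide whether to wait on an upstream release or track the finding as a dev-only exception.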
