I looked into the results of npm audit (which is now run automatically on an npm install?), and I wanted to share my thoughts on that.
The reported "high" vulnerabilities come from versions of sshpk and https-proxy-agent, which in the end are themselves dependencies of grunt-saucelabs. I did not find a way of updating both of these two packages that satisfies npm. Repairing/updating one of them leads to the other being broken.
Removing grunt-saucelabs leads to a clean npm audit. So my conclusion is that these "vulnerabilities" (Denial of service) only affect grunt-saucelabs, which seems to be some non-critical testing.
TL;DR: These are ugly, but not currently a problem?
Open issue in grunt-saucelabs: axemclion/grunt-saucelabs#229. Apparently it's not currently actively maintained. But yeah, this shouldn't cause any actual security issues in OpenPGP.js itself.
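The check discussed in this thread, that every flagged package is reachable only through a development dependency such as grunt-saucelabs, written out as an added example (not code from the issue or from OpenPGP.js). It assumes the npm 6 `npm audit --json` report shape (`advisories[*].findings[*]` with a `dev` flag and `>`-separated `paths`); the sample report, its dependency paths, the `example-*` packages and the function names are constructed for illustration.

```javascript
// Constructed sample in the npm 6 `npm audit --json` shape (assumed format).
// Paths, versions and the "example-*" packages are illustrative only.
const sampleReport = {
  advisories: {
    1: { module_name: "sshpk", severity: "high", findings: [
      { version: "0.0.0", dev: true,
        paths: ["grunt-saucelabs>sauce-tunnel>request>http-signature>sshpk"] }] },
    2: { module_name: "https-proxy-agent", severity: "high", findings: [
      { version: "0.0.0", dev: true,
        paths: ["grunt-saucelabs>saucelabs>https-proxy-agent"] }] },
    3: { module_name: "example-lib", severity: "moderate", findings: [
      { version: "0.0.0", dev: false, paths: ["example-runtime-dep>example-lib"] }] },
  },
};

// Names from the project's package.json "devDependencies" (constructed here).
const sampleDevDeps = ["grunt", "grunt-saucelabs"];

// For each advisory, collect the top-level packages that pull it in and decide
// whether it is reachable only through development dependencies.
function classifyAdvisories(report, devDependencies) {
  const devSet = new Set(devDependencies);
  return Object.values(report.advisories || {}).map((adv) => {
    const roots = new Set();
    let devOnly = true;
    for (const finding of adv.findings || []) {
      if (finding.dev !== true) devOnly = false;
      for (const path of finding.paths || []) {
        const root = path.split(">")[0]; // first element is the direct dependency
        roots.add(root);
        if (!devSet.has(root)) devOnly = false;
      }
    }
    // An advisory with no recorded path cannot be shown to be dev-only.
    if (roots.size === 0) devOnly = false;
    return { module: adv.module_name, severity: adv.severity,
             roots: [...roots].sort(), devOnly };
  });
}

// Advisories that may ship to users and therefore still need review.
function needsReview(report, devDependencies) {
  return classifyAdvisories(report, devDependencies)
    .filter((a) => !a.devOnly).map((a) => a.module);
}

console.log(classifyAdvisories(sampleReport, sampleDevDeps));
console.log(needsReview(sampleReport, sampleDevDeps));
```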