GitHub
MyQuestion, 2021-06-25 23:38:08

GitHub pages: Why is there a warning for the contents of the package-lock.json file?

Good afternoon!

Mistake:

Dependabot alerts surface known security vulnerabilities in some dependency manifest files. Dependabot security updates automatically keep your application up-to-date by updating dependencies in response to these alerts. Dependabot version updates can also help keep dependencies updated.


It writes about a security vulnerability.

It doesn't like these modules:
- trim-newlines
- normalize-url
- xmldom
- lodash.template

What should I do with it: update somehow? Remove package-lock? Because I don't understand why the installed module is safe, but a couple of package-lock entries about this module are not... Or ignore the entire file?
Does anyone have information about this vulnerability, and what can you advise?


1 answer(s)
Vasily Bannikov, 2021-06-26
@vabka

Remove package-lock?

Remove package-lock and update packages to latest versions.
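
Added example, not part of the original answer: a small Node.js script that lists every copy of the four flagged packages recorded in a lockfile, showing how the top-level copy can be at one version while a nested copy pulled in by another dependency is at a different one. The sample lockfile, the names `demo-site` and `build-tool`, and all version numbers are constructed.

```javascript
// Package names are the ones listed in the question.
const FLAGGED = ["trim-newlines", "normalize-url", "xmldom", "lodash.template"];

// Normalise both lockfile layouts into [{ name, version, path, requires }].
function entries(lock) {
  const out = [];
  if (lock.packages) { // lockfileVersion 2 or 3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path.includes("node_modules/")) continue; // root project or workspace folder
      const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
      out.push({ name, version: meta.version, path, requires: Object.keys(meta.dependencies || {}) });
    }
    return out;
  }
  // lockfileVersion 1: nested "dependencies" tree
  (function walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      out.push({ name, version: meta.version, path, requires: Object.keys(meta.requires || {}) });
      walk(meta.dependencies, path + "/");
    }
  })(lock.dependencies, "");
  return out;
}

// Every recorded copy of a flagged package, with the packages that declare a
// dependency on that name (by name only, not resolved to a specific copy).
function findCopies(lock, names = FLAGGED) {
  const all = entries(lock);
  return all.filter((e) => names.includes(e.name)).map((e) => ({
    name: e.name,
    version: e.version,
    path: e.path,
    requiredBy: [...new Set(all.filter((p) => p.requires.includes(e.name)).map((p) => p.name))].sort(),
  }));
}

// Constructed sample: versions 9.9.9 and 0.0.1 are placeholders, not real releases.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-site", version: "1.0.0", dependencies: { "build-tool": "^1.0.0", "normalize-url": "^9.9.9" } },
    "node_modules/build-tool": { version: "1.0.0", dependencies: { "normalize-url": "^0.0.1", "trim-newlines": "^0.0.1" } },
    "node_modules/normalize-url": { version: "9.9.9" },
    "node_modules/build-tool/node_modules/normalize-url": { version: "0.0.1" },
    "node_modules/trim-newlines": { version: "0.0.1" },
  },
};

console.log(JSON.stringify(findCopies(SAMPLE_LOCK), null, 2));
```

To run it on a real project, pass the parsed contents of `package-lock.json` to `findCopies`; `npm ls <name>` gives a similar view from the npm CLI.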
