Currently when the Travis CI Pipeline runs there are 100 of the same vulnerability detected that looks like this:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ini │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack-dev-server [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ webpack-dev-server > chokidar > fsevents > node-pre-gyp > rc │
│ │ > ini │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/1589 │
└───────────────┴──────────────────────────────────────────────────────────────┘
There is currently a PR submitted for the rc package here:
dominictarr/rc#121
Since the assessment is low and there is an upstream PR open, we are comfortable 'ignoring' this for now. Hopefully it is resolved by the maintainer of rc soon.