-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix issues from npm audit #698
Comments
I would try to solve this issue, but I do not have access to the dependabot page |
@sarmatdev Isn't the screenshot above enough? |
@sarmatdev are you still doing this? |
I don't have access to the full security reports. Take this task if you want to solve it. |
@bonustrack axios comes from @portis/web3 and ansi-regex comes from eslint. portis/web3 and eslint are already the latest release possible. I do not see what we can do here other than patching those packages |
Another solution - disable portis/web3 till we have any updates from them. |
@sarmatdev you can enable security alerts in your fork. :) |
take a look at yarn's resolution feature. Also submit an issue on portis/web3 to upgrade their dependencies. |
Created a PR here portis-project/web-sdk#141 that can remove their unused dep that have this old version |
We should fix issue from npm audit
https://github.com/snapshot-labs/snapshot/security/dependabot
The text was updated successfully, but these errors were encountered: