You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a project using bem. Running npm audit produces this report:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Moderate Sandbox Breakout / Arbitrary Code Execution
Package static-eval
Patched in >=2.0.0
Dependency of bem [dev]
Path bem > bem-tools-create > bem-config > jsonpath > static-eval
More info https://npmjs.com/advisories/548
Moderate Sandbox Breakout / Arbitrary Code Execution
Package static-eval
Patched in >=2.0.2
Dependency of bem [dev]
Path bem > bem-tools-create > bem-config > jsonpath > static-eval
More info https://npmjs.com/advisories/758
found 2 moderate severity vulnerabilities in 1834575 scanned packages
2 vulnerabilities require manual review. See the full report for details.
bem-config was deprecated some time ago and bem has not had a release in 3 years. How can I resolve these vulnerabilities, please? I've tried both npm install --save-dev static-eval@2.0.3 and npm install --save-dev jsonpath@1.0.2 but that didn't make any difference. Thank you.
The text was updated successfully, but these errors were encountered:
I have a project using
bem. Runningnpm auditproduces this report:bem-configwas deprecated some time ago andbemhas not had a release in 3 years. How can I resolve these vulnerabilities, please? I've tried bothnpm install --save-dev static-eval@2.0.3andnpm install --save-dev jsonpath@1.0.2but that didn't make any difference. Thank you.The text was updated successfully, but these errors were encountered: