Security warnings #16
Hi, thanks for posting this. uglify-js is no longer used in the minified build of nodegame; we use terser-js for that. It should be removed as a dependency and the build script should be updated.
@shakty I'm seeing the following and I was wondering if this is normal. Concerned about security here if there are perhaps alternate libraries that can be used to avoid vulnerabilities. Seems like it's an NDDB dependency to use uglify?
```
uglify-js <=2.5.0
Severity: critical
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js - GHSA-34r7-q49f-h37c
Regular Expression Denial of Service in uglify-js - GHSA-c9f4-xj24-8jqx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/uglify-js
smoosh >=0.4.0
Depends on vulnerable versions of uglify-js
node_modules/smoosh
JSUS >=0.6.3
Depends on vulnerable versions of smoosh
node_modules/JSUS
NDDB >=0.4.3
Depends on vulnerable versions of JSUS
Depends on vulnerable versions of smoosh
node_modules/NDDB
shelf.js >=0.3.7
Depends on vulnerable versions of smoosh
node_modules/shelf.js
5 critical severity vulnerabilities
```
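The five critical entries in the audit report are one package carrying two advisories plus four packages flagged only because they depend on it. The following is an added example, not code from nodegame or npm, that does this triage over a constructed sample shaped like `npm audit --json` output; the sample object and the function names `triage` and `chains` are assumptions made for illustration.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// trimmed to the fields used below. Names, edges and GHSA ids mirror the report above.
const ghsa = (id) => ({ name: "uglify-js", url: "https://github.com/advisories/" + id });
const report = {
  vulnerabilities: {
    "uglify-js": { name: "uglify-js", severity: "critical", effects: ["smoosh"],
      via: [ghsa("GHSA-34r7-q49f-h37c"), ghsa("GHSA-c9f4-xj24-8jqx")] },
    "smoosh": { name: "smoosh", severity: "critical", via: ["uglify-js"],
      effects: ["JSUS", "NDDB", "shelf.js"] },
    "JSUS": { name: "JSUS", severity: "critical", via: ["smoosh"], effects: ["NDDB"] },
    "NDDB": { name: "NDDB", severity: "critical", via: ["JSUS", "smoosh"], effects: [] },
    "shelf.js": { name: "shelf.js", severity: "critical", via: ["smoosh"], effects: [] },
  },
};

// Separate packages that carry an advisory themselves (`via` holds advisory
// objects) from packages flagged only through a dependency (`via` holds names).
function triage(report) {
  const roots = [];
  const inherited = [];
  for (const v of Object.values(report.vulnerabilities)) {
    const advisories = v.via.filter((x) => typeof x === "object");
    if (advisories.length > 0) {
      roots.push({ name: v.name, advisories: advisories.map((a) => a.url.split("/").pop()) });
    } else {
      inherited.push(v.name);
    }
  }
  return { roots, inherited };
}

// Follow `via` links from a flagged package down to the advisory-bearing one,
// returning every dependency chain. `seen` doubles as a cycle guard.
function chains(report, name, seen = []) {
  const v = report.vulnerabilities[name];
  if (!v || seen.includes(name)) return [];
  const path = [...seen, name];
  const out = v.via.some((x) => typeof x === "object") ? [path] : [];
  for (const x of v.via) {
    if (typeof x === "string") out.push(...chains(report, x, path));
  }
  return out;
}

const summary = triage(report);
console.log("packages with advisories:", JSON.stringify(summary.roots));
console.log("flagged only via dependencies:", summary.inherited.join(", "));
for (const c of chains(report, "NDDB")) console.log(c.join(" -> "));
```

Every chain ends at uglify-js through smoosh, so dropping or replacing that one dependency edge clears all five entries.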