npm audit fix on my project tells me 63 vulnerabilities (7 low, 24 moderate, 29 high, 3 critical). Most of the complaints seem to be the result of an obsolete version of 9p-vxgp and yargs.
Upgrading these is flagged as a breaking change, and last time I tried npm audit fix --force it did indeed break my application.
It would be nice to know if there’s a plan to resolve this… and if so whether it’s only going to be fixed in Jovo v4. In my case I don’t think the vulnerabilities really matter, but they still make me uncomfortable on principle. By definition, anything on the Internet these days is going to be attacked; one open vulnerability is too many.
(OK, I misremembered what version we were at when I first wrote this. You knew what I meant.)