Vulnerabilities in dependencies

[digitalfrost]

Most appropriate sub-area of p5.js?

• Color
• Core/Environment/Rendering
• Data
• Events
• Image
• IO
• Math
• Typography
• Utilities
• WebGL
• Other (Security)

running npm install gives the following warning

added 1511 packages from 1560 contributors and audited 9000 packages in 249.758s found 21 vulnerabilities (9 low, 9 moderate, 2 high, 1 critical)

running npm audit gives a detailed report.

Posting the full report is difficult to do here because of formatting issues but I have put it in this gist: https://gist.github.com/digitalfrost/5faa99e9d1549201672fe0c0fe44f975

[digitalfrost]

A lot of the warnings are raised due to grunt-contrib-yuidoc
The p5.js project is already on the latest released version.

Link to the npm page for grunt-contrib-yuidoc
The last release was 3 years ago.

[digitalfrost]

grunt-saucelabs also causes a warning.
Last release was 2 years ago.
The p5.js project is already on the latest released version.

[digitalfrost]

grunt-open is the cause of the vulnerability marked as critical.
Last release was 5 years ago.

[digitalfrost]

The other warnings come from:

grunt-update-json
Last released 3 years ago.

grunt-release-it
Last released 3 years ago.

grunt-jscs
Last released 2 years ago

[digitalfrost]

Just submitted a pull request to grunt-saucelabs to fix problems with lodash and saucelabs:
axemclion/grunt-saucelabs#231.
Also see axemclion/grunt-saucelabs#229 for ticket on vulnerabilities in grunt-saucelabs

[digitalfrost]

Just submitted a pull request to grunt-contrib-yuidoc to fix some of the security vulnerabilities: gruntjs/grunt-contrib-yuidoc#35