npm audit shows 8 vulnerabilities (5 high, 1 critical)

[john-aws]

Issue Report

I cloned the repolinter repo today. I then ran npm audit and it resulted in numerous high and critical dependency vulnerabilities.

Expected Behavior

I would expect to see zero high and zero critical dependency errors.

Actual Behavior

8 vulnerabilities (2 moderate, 5 high, 1 critical)

Steps to Reproduce the Issue

git clone https://github.com/todogroup/repolinter.git
cd repolinter
npm install
npm audit

[wesley-dean]

I also ran npm audit and noticed a bunch of vulnerabilities:

18 vulnerabilities (10 moderate, 8 high)

After running npm audit fix, it's a little better:

10 vulnerabilities (6 moderate, 4 high)

Running npm audit fix --force made things way worse:

102 vulnerabilities (39 moderate, 23 high, 40 critical)

I forked the repo and setup Dependabot and ran in there; it came back with a few updates:

https://github.com/wesley-dean/repolinter/pulls?q=sort%3Aupdated-desc+is%3Apr+label%3Adependencies

After merging the PRs Dependabot created, it's down to a more reasonable number:

13 vulnerabilities (8 moderate, 5 high)

...but still not as good as just running npm audit fix and leaving it alone.