Unfortunately, due to another issue, I will need to cancel this release. On Thu, Sep 13, 2018 at 10:57 AM Daniel Klco <[email protected]> wrote:
> Robert, > > My understanding is these dependencies are coming from Gulp, our build > tool not from the built code. While the warnings aren't ideal, we're not > including minmatch, lodash or graceful-fs in our final JS / CSS builds, > they are just used to build our code. > > I'll try to figure out which plugin is emitting these errors and remove / > replace it, but I'd vote to move forward with the release as this is a > compile-time not runtime issue. > > Hope that helps! > > -Dan > > On Thu, Sep 13, 2018 at 10:14 AM Robert Munteanu <[email protected]> > wrote: > >> Hi, >> >> I noticed the following when building the CMS >> >> [WARNING] npm WARN notice [SECURITY] lodash has the following >> vulnerability: 1 low. Go here for more details: >> https://nodesecurity.io/advisories?search=lodash&version=1.0.2 - Run >> `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` >> to get more info. >> [WARNING] npm WARN deprecated [email protected]: please upgrade to >> graceful-fs 4 for compatibility with current and future versions of Node.js >> [WARNING] npm WARN notice [SECURITY] minimatch has the following >> vulnerability: 1 high. Go here for more details: >> https://nodesecurity.io/advisories?search=minimatch&version=0.2.14 - Run >> `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` >> to get more info. >> [WARNING] npm WARN notice [SECURITY] minimatch has the following >> vulnerability: 1 high. Go here for more details: >> https://nodesecurity.io/advisories?search=minimatch&version=2.0.10 - Run >> `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` >> to get more info. >> >> Is this something that we should redo for the release or is it OK to >> release this way? >> >> Thanks, >> >> Robert >> >>
