Problem
npm audit reports 55 vulnerabilities (18 low, 23 moderate, 12
high, 2 critical). Production-only (npm audit --omit=dev): 33 (19
moderate, 8 high, 1 critical), including validator (URL-validation
bypass), ws (DoS), and uuid (missing bounds check).
Proposed change
Run npm audit fix (the form without --force) to remediate everything
that does not require a major upgrade, and commit the updated
package-lock.json. Re-run npm audit and record the remaining
(major-only) advisories — those are tracked by the dependency-upgrade
issues.
Acceptance criteria
- npm audit fix applied; package-lock.json committed.
- Test suite passes.
- Remaining advisories are only those requiring major upgrades.
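As an added check for the last acceptance criterion (not part of the original issue), the script below classifies the advisories left in `npm audit --json` output into those `npm audit fix` would resolve without a major bump, those that need a semver-major upgrade, and those with no fix at all, using the `fixAvailable` field of the npm 7+ audit report. The sample report is constructed; only the package names come from the issue, and the `fixAvailable` values for them are assumptions.

```javascript
// Constructed sample in the shape of `npm audit --omit=dev --json` (npm 7+).
// fixAvailable is true (non-major fix), false (no fix), or an object whose
// isSemVerMajor flag says the fix needs a major upgrade. Values are assumed.
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    validator: { name: "validator", severity: "moderate", isDirect: true,
      fixAvailable: { name: "validator", version: "0.0.0-constructed", isSemVerMajor: true } },
    ws: { name: "ws", severity: "high", isDirect: false, fixAvailable: true },
    uuid: { name: "uuid", severity: "moderate", isDirect: false, fixAvailable: true },
    // hypothetical package with no published fix, to show the third bucket
    leftover: { name: "leftover", severity: "critical", isDirect: true, fixAvailable: false },
  },
};

// Sort every advisory into: fixable by `npm audit fix`, needs a major upgrade,
// or no fix available. Returns package names per bucket, in report order.
function classifyAdvisories(audit) {
  const result = { autoFixable: [], needsMajor: [], noFix: [] };
  for (const v of Object.values(audit.vulnerabilities || {})) {
    const fix = v.fixAvailable;
    if (fix === true) {
      result.autoFixable.push(v.name);
    } else if (fix && typeof fix === "object") {
      // object form: a fix exists via upgrading `fix.name` to `fix.version`
      (fix.isSemVerMajor ? result.needsMajor : result.autoFixable).push(v.name);
    } else {
      result.noFix.push(v.name);
    }
  }
  return result;
}

// Acceptance check: after `npm audit fix`, every remaining advisory must be
// one that requires a major upgrade (no auto-fixable and no unfixable ones).
function onlyMajorRemaining(audit) {
  const c = classifyAdvisories(audit);
  return c.autoFixable.length === 0 && c.noFix.length === 0;
}

// Run against a saved report (`npm audit --omit=dev --json > audit.json`)
// when a path is given, otherwise against the constructed sample.
const reportPath = process.argv[2];
const report = reportPath
  ? JSON.parse(require("fs").readFileSync(reportPath, "utf8"))
  : sampleAudit;
console.log(classifyAdvisories(report));
console.log("only major-only advisories remain:", onlyMajorRemaining(report));
```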