Running 'npm update ejs --depth 2' to fix security vulnerabilities does nothing

In the pipeline I get a message:

Check package security issues

It tells me # Run npm update ejs --depth 2 to resolve 1 vulnerability.

This is the description table:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Template injection in ejs                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ejs                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ source-map-explorer                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ source-map-explorer > ejs                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-phwq-j96m-2c2q            │
└───────────────┴──────────────────────────────────────────────────────────────┘

But when I run this command I don't get any changed files appearing?

I know I can add ejs to resolutions inside my package.json like:

"resolutions": {
    "ejs": "3.1.7"
}

But why does npm update ejs --depth 2 do nothing?

There are 0 answers