Robert, My understanding is these dependencies are coming from Gulp, our build tool not from the built code. While the warnings aren't ideal, we're not including minmatch, lodash or graceful-fs in our final JS / CSS builds, they are just used to build our code.
I'll try to figure out which plugin is emitting these errors and remove / replace it, but I'd vote to move forward with the release as this is a compile-time not runtime issue. Hope that helps! -Dan On Thu, Sep 13, 2018 at 10:14 AM Robert Munteanu <[email protected]> wrote: > Hi, > > I noticed the following when building the CMS > > [WARNING] npm WARN notice [SECURITY] lodash has the following > vulnerability: 1 low. Go here for more details: > https://nodesecurity.io/advisories?search=lodash&version=1.0.2 - Run `npm > i npm@latest -g` to upgrade your npm version, and then `npm audit` to get > more info. > [WARNING] npm WARN deprecated [email protected]: please upgrade to > graceful-fs 4 for compatibility with current and future versions of Node.js > [WARNING] npm WARN notice [SECURITY] minimatch has the following > vulnerability: 1 high. Go here for more details: > https://nodesecurity.io/advisories?search=minimatch&version=0.2.14 - Run > `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` > to get more info. > [WARNING] npm WARN notice [SECURITY] minimatch has the following > vulnerability: 1 high. Go here for more details: > https://nodesecurity.io/advisories?search=minimatch&version=2.0.10 - Run > `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` > to get more info. > > Is this something that we should redo for the release or is it OK to > release this way? > > Thanks, > > Robert > >
