Description
Currently when the Travis CI Pipeline runs there are 100 of the same vulnerability detected that looks like this:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ini │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack-dev-server [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ webpack-dev-server > chokidar > fsevents > node-pre-gyp > rc │
│ │ > ini │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/1589 │
└───────────────┴──────────────────────────────────────────────────────────────┘
There is currently a PR submitted for the rc package here:
Since the assessment is low and there is an upstream PR open, we are comfortable 'ignoring' this for now. Hopefully it is resolved by the maintainer of rc soon.