npm audit warnings

[t0lkman]

# Run  npm install --save-dev ejs-compiled-loader@2.2.0  to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

  Low             Incorrect Handling of Non-Boolean Comparisons During          
                  Minification                                                  

  Package         uglify-js                                                     

  Dependency of   ejs-compiled-loader [dev]                                     

  Path            ejs-compiled-loader > uglify-js                               

  More info       https://npmjs.com/advisories/39                               




  Low             Regular Expression Denial of Service                          

  Package         uglify-js                                                     

  Dependency of   ejs-compiled-loader [dev]                                     

  Path            ejs-compiled-loader > uglify-js                               

  More info       https://npmjs.com/advisories/48                               

looks like uglify-js needs to be updated?

[t0lkman]

ok I just created another one, which doesn't produce this warning. Whoever is interested here is the link: https://www.npmjs.com/package/webpack-ejs3-loader

[bazilio91]

It's strange, because 2.2.0 loader uses 2.6.1 uglify-js which marked as unaffected prior to https://www.npmjs.com/advisories/39/versions and https://www.npmjs.com/advisories/48/versions. Maybe your lock file is stale or something else?

[t0lkman]

I think because I had 1.x version