@shakty I'm seeing the following and I was wondering if this is normal. Concerned about security here if there are perhaps alternate libraries that can be used to avoid vulnerabilities. Seems like it's an NDDB dependency to use uglify?
```
uglify-js  <=2.5.0
Severity: critical
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js - GHSA-34r7-q49f-h37c
Regular Expression Denial of Service in uglify-js - GHSA-c9f4-xj24-8jqx
fix available via npm audit fix --force
Will install NDDB@0.4.2, which is a breaking change
node_modules/uglify-js
  smoosh  >=0.4.0
  Depends on vulnerable versions of uglify-js
  node_modules/smoosh
    JSUS  >=0.6.3
    Depends on vulnerable versions of smoosh
    node_modules/JSUS
      NDDB  >=0.4.3
      Depends on vulnerable versions of JSUS
      Depends on vulnerable versions of smoosh
      node_modules/NDDB
    shelf.js  >=0.3.7
    Depends on vulnerable versions of smoosh
    node_modules/shelf.js

5 critical severity vulnerabilities
```