npm install in chapter-zero warns of high severity vulnerabilities

[reillysiemens]

Describe the bug
Running the initial npm installon the chapter-zero branch results in a warning about high severity vulnerabilities.

To Reproduce
Steps to reproduce the behavior:

1. git clone https://github.com/rustwasm/wasm_game_of_life.git
2. cd wasm_game_of_life
3. git checkout -b chapter-zero origin/chapter-zero
4. npm install

Expected behavior
npm install requires no audit fixes to install JavaScript dependencies without warning.

Screenshots

Additional context
In this case the vulnerabilities I saw were actually just one vulnerability that was filed recently and has already been patched. It's no trouble to run npm audit fix, but I think that slows readers down. Worrying about whether they need to take care of vulnerabilities might detract from the goal of learning about WebAssembly and Rust.

For what it's worth, I'm using

• nvm - v0.33.11
• Node.js - v10.9.0
• npm - v6.4.0
• Git - v2.17.1

I believe this can be easily resolved by running the audit fixes and the committing the updated package-lock.json, but I've no idea what effect that will have on the branching structure for the repo.

[mgattozzi]

Hey @reillysiemens thanks for filing this! We recently restructured this repo to contain only the final code. Does this exist for the current version of the repo?

[reillysiemens]

@mgattozzi, I see that this repository was recently restructured to no longer use submodules. If you mean

Does this exist without using submodules?

then yes, the current chapter-zero branch has this issue without the use of submodules.

[Zireael07]

Still an issue in chapter-zero branch.

[fox-daniel]

It is still an issue. I received a warning of 36 vulnerabilities (1 low, 3 moderate, 27 high, 5 critical) with node v19.4.0.