I have a sample system called BowFolios that I maintain for my students. I have just updated it to the latest release of Meteor, and found two “high” vulnerabilities:
Here is my packages file:
Since this is a subdependency, a simple npm audit fix won’t fix it. What should I do?
Fixed it by comparing to the default app created by meteor. Needed to change package.json to:
Also discovered that react-addons-pure-render-mixin is not needed, so I simply deleted that package.