GitHub found a potential security vulnerability from node-growl

Hi, I got the same issue as you just after bootstrapping a Phoenix application.

GitHub has detected a potential vulnerability from the node-growl dependency. The vulnerability comes from loggy, pulled in from brunch.io. I had to upgrade brunch to a version that doesn’t use loggy anymore. I used the tool npm-check-updates to do so.

cd assets

Installed ncu

~/s/e/assets ❯❯❯ npm i -g npm-check-updates                                                              ✘ 127 master ◼
/home/marco/.npm-global/bin/npm-check-updates -> /home/marco/.npm-global/lib/node_modules/npm-check-updates/bin/npm-check-updates
/home/marco/.npm-global/bin/ncu -> /home/marco/.npm-global/lib/node_modules/npm-check-updates/bin/ncu
+ npm-check-updates@2.14.2
added 383 packages in 15.239s

Performed npm dependencies upgrades with ncu.

~/s/e/assets ❯❯❯ ncu -u
Using /home/marco/sources/eisenhower_matrix/assets/package.json
[..................] \ :
 babel-brunch   6.1.1  →    7.0.0 
 brunch        2.10.9  →  2.10.17 
Upgraded /home/marco/sources/eisenhower_matrix/assets/package.json

Installed npm dependencies.

~/s/e/assets ❯❯❯ npm install                                                                                 master ✱ ◼
npm WARN assets No description
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

added 125 packages, removed 106 packages, updated 30 packages and moved 10 packages in 17.284s

Then I pushed the project to GitHub and the vulnerability was fixed.

I hope it helps you too.
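
Added example (not part of the original post): a small Node.js function that walks a `package-lock.json` in the lockfileVersion 1 layout to show which direct dependency pulls in a flagged package, such as the brunch > loggy > growl chain described above. The lock data, the loggy and growl version strings, and the helper names `resolve` and `findChains` are constructed for illustration.

```javascript
// Constructed sample in package-lock.json v1 shape (npm 5/6). The loggy and
// growl versions and the "*" ranges are placeholders, not real release data.
const sampleLock = {
  name: "assets",
  lockfileVersion: 1,
  dependencies: {
    "babel-brunch": { version: "6.1.1", requires: {} },
    brunch: { version: "2.10.9", requires: { loggy: "*" } },
    loggy: { version: "0.0.0-sample", requires: { growl: "*" } },
    growl: { version: "0.0.0-sample" },
  },
};

// Resolve a required name the way Node does: look in the nearest enclosing
// node_modules first, then walk outwards to the root.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const hit = scopes[i][name];
    if (hit) return { entry: hit, scopes: scopes.slice(0, i + 1) };
  }
  return null;
}

// Return every chain "direct dep > ... > target" reachable from directDeps.
function findChains(lock, directDeps, target) {
  const chains = [];
  const walk = (name, scopes, path) => {
    const found = resolve(name, scopes);
    if (!found || path.includes(name)) return; // not installed, or a cycle
    const next = path.concat(name);
    if (name === target) { chains.push(next.join(" > ")); return; }
    // The package's own nested node_modules becomes the innermost scope.
    const inner = found.scopes.concat(found.entry.dependencies || {});
    for (const req of Object.keys(found.entry.requires || {})) walk(req, inner, next);
  };
  for (const dep of directDeps) walk(dep, [lock.dependencies || {}], []);
  return chains;
}

console.log(findChains(sampleLock, ["babel-brunch", "brunch"], "growl"));
```

On a real project, pass the parsed `package-lock.json` and the dependency names from `package.json`; an empty result after the upgrade means the flagged package is no longer reachable from them.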