NPM audit reports low vulnerability in dependencies #592

LoganDupont · 2020-05-18T10:46:16Z

Paths:

standard-version > git-semver-tags > meow > yargs-parser
standard-version > conventional-recommended-bump > meow > yargs-parser
standard-version > conventional-recommended-bump > git-semver-tags > meow > yargs-parser

More info https://npmjs.com/advisories/1500

saadjutt01 · 2020-05-19T03:10:53Z

Low : Prototype Pollution
Package : yargs-parser
Patched in : >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
Dependency of : standard-version [dev]
on console.

timbru31 · 2020-06-08T11:16:56Z

Both conventional-recommended-bump@6.0.9 and git-semver-tags@4.0.0 already have been released - we just need a review and merge of their dependency PRs: #588 #598

Can someone please take care of this and release a new version? The PRs are open since >1 month now...

jbottigliero · 2020-07-12T14:25:57Z

Hi, we've published 8.0.1 which includes updates for both of these dependencies.

nmccready · 2021-06-10T18:53:40Z

Any updates please?

aral mentioned this issue May 19, 2020

WIP: Fix npm security warnings istanbuljs/nyc#1316

Closed

jbottigliero added the triaged label Jul 12, 2020

jbottigliero mentioned this issue Jul 12, 2020

Use version ranges in dependencies? #590

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

NPM audit reports low vulnerability in dependencies #592

NPM audit reports low vulnerability in dependencies #592

LoganDupont commented May 18, 2020

saadjutt01 commented May 19, 2020 •

edited

timbru31 commented Jun 8, 2020

jbottigliero commented Jul 12, 2020

nmccready commented Jun 10, 2021

NPM audit reports low vulnerability in dependencies #592

NPM audit reports low vulnerability in dependencies #592

Comments

LoganDupont commented May 18, 2020

saadjutt01 commented May 19, 2020 • edited

timbru31 commented Jun 8, 2020

jbottigliero commented Jul 12, 2020

nmccready commented Jun 10, 2021

saadjutt01 commented May 19, 2020 •

edited