The locked version of concurrently is vulnerable due to a transitive dependency on shell-code. The dependency should be bumped once they release the patch done in this PR.
Alternatively, it might be worthwhile considering loosening the version requirement (e.g., ^10.0.3) if that's acceptable.
The locked version of
concurrentlyis vulnerable due to a transitive dependency onshell-code. The dependency should be bumped once they release the patch done in this PR.Alternatively, it might be worthwhile considering loosening the version requirement (e.g.,
^10.0.3) if that's acceptable.