Skip to content

Fix security vulnerability by upgrading lib#8

Open
dchambers wants to merge 1 commit intojonschlinkert:masterfrom
dchambers:fix-CVE-2019-10747
Open

Fix security vulnerability by upgrading lib#8
dchambers wants to merge 1 commit intojonschlinkert:masterfrom
dchambers:fix-CVE-2019-10747

Conversation

@dchambers
Copy link
Copy Markdown

@dchambers dchambers commented Oct 2, 2019

@RDIL
Copy link
Copy Markdown

RDIL commented Nov 15, 2019

@jonschlinkert this is urgent, please merge when you can

@finppp
Copy link
Copy Markdown

finppp commented Jan 21, 2020

Please fix this
Thanks

@jonschlinkert
Copy link
Copy Markdown
Owner

jonschlinkert commented Jan 21, 2020

Thanks for the PR, but this isn't necessary. 3.0.1 is automatically used by semver. I will merge when we have other changes to make on this library.

@dchambers
Copy link
Copy Markdown
Author

dchambers commented Jan 21, 2020

Thanks for the PR, but this isn't necessary. 3.0.1 is automatically used by semver. I will merge when we have other changes to make on this library.

Agree that for new installs this will normally be the practical upshot, but I think security tooling will continue to see potential risks since there will always be edge cases (depending on your setup) where this may not happen in practice.

That said, I personally can live with ignoring the security warnings for a while longer 👍

@finppp
Copy link
Copy Markdown

finppp commented Jan 21, 2020

Looks like the chain that was following linked to this package/pr: jonschlinkert/cache-base#12

Thanks for getting back to me though!
Finlay

@jimmywarting jimmywarting mentioned this pull request Aug 7, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dchambers @RDIL @finppp @jonschlinkert