updated dependency for normalize-package-info

DamonOehlman / travis-multirunner

A simple configuration for running (limited) multibrowser tests on travis ci

8 stars 14 forks source link

Closed cpettet closed 1 year ago

cpettet commented 1 year ago

Mend/Whitesource is showing travis-multirunner security vulnerabilities with these dependencies:

Updating normalize-package-data:

removes dependency for resolve which carries the path-parse vulnerability.
upgrades hosted-git-info to 6.0.0, which eliminates vulnerability present in 2.8.8

fippo commented 1 year ago

github seems a bit confused on this one?

cpettet commented 1 year ago

Hi @fippo, Sorry, I updated the description to be more readable. 😄

cpettet commented 1 year ago

Duplicate.

fippo commented 1 year ago

What surprised me that github didn't figure out the diff would have been empty :-)