Closed useafterfree closed 11 months ago
IanVS
commented
11 months ago Thanks, please run yarn install and check in the new updated yarn.lock?
Also, note that this issue doesn't really impact us since we don't send untrusted user input through the semver package, we only examine your config file with it.
useafterfree
commented
11 months ago Thanks, please run
yarn installand check in the new updatedyarn.lock?Also, note that this issue doesn't really impact us since we don't send untrusted user input through the semver package, we only examine your config file with it.
Done!
We get flagged in container scans for this, despite it not being in the codepath
IanVS
commented
11 months ago Understood. Thanks for the PR!
https://github.com/advisories/GHSA-c2qf-rxjj-qqgw