Closed useafterfree closed 11 months ago
Thanks, please run yarn install
and check in the new updated yarn.lock
?
Also, note that this issue doesn't really impact us since we don't send untrusted user input through the semver package, we only examine your config file with it.
Thanks, please run
yarn install
and check in the new updatedyarn.lock
?Also, note that this issue doesn't really impact us since we don't send untrusted user input through the semver package, we only examine your config file with it.
Done!
We get flagged in container scans for this, despite it not being in the codepath
Understood. Thanks for the PR!
https://github.com/advisories/GHSA-c2qf-rxjj-qqgw