Closed jeremija closed 5 years ago
Thanks!
Thanks for merging! I noticed you published a new version on NPM, but the advisory still says version 0.4.0 is affected.
Do you happen to know how to change this?
I don't know why it lists 0.4.0 as an affected version. I've messaged npm support about it.
I sent them an email too yesterday. Looks like they have affected versions hardcoded. This is a part of the output of npm audit --json
:
"vulnerable_versions": "*",
"patched_versions": "<0.0.0",
Looks like they fixed it! 👍
closes #41, closes #43
This commit is an attempt to fix the isuse in NPM security advisory:
https://www.npmjs.com/advisories/726
Further reading: