Update assetgraph to remove vulnerable dependency

Munter / hyperlink

A node library and command line tool to test the integrity of your internal an external hyperlinks

231 stars 24 forks source link

Update assetgraph to remove vulnerable dependency #194

Closed danielfdickinson closed 3 years ago

danielfdickinson commented 3 years ago

assetgraph has been updated to 7.3.0 due to https://github.com/assetgraph/assetgraph/pull/1189#issuecomment-948403802

which fixes this transitive vulnerability:

CVE-2021-3803 moderate severity Vulnerable versions: < 2.0.1 Patched version: 2.0.1 nth-check is vulnerable to Inefficient Regular Expression Complexity

Please update assetgraph to 7.3.0 to fix the vulnerable dependency.

Sorry, jumped the gun...the release will be happening at some point soon (I hope).

papandreou commented 3 years ago

Fixed in 5.0.0

danielfdickinson commented 3 years ago

Thank you! That was awesomely fast! Guess the timing was right (and you are fast). 😄