search

NightlyCommit / twing

First-class Twig engine for Node.js
BSD 2-Clause "Simplified" License
199 stars 23 forks source link

Update Merge Dependency to 2.1.1 #536

Closed eusebiogit closed 3 years ago

eusebiogit commented 3 years ago

Sorry I have the next problem with

"npm audit" command

merge  <2.1.1
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1666
fix available via `npm audit fix --force`
Will install twing@0.1.3, which is a breaking change
node_modules/merge
  twing  >=0.2.0
  Depends on vulnerable versions of merge
  node_modules/twing

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

relevant code: N/A steps for reproducing the issue: npm audit

Can you solve this please?

You only need make update merge to v2.1.1. Thank you!

eusebiogit commented 3 years ago

it is fix in gitlab

ericmorand commented 3 years ago

Will be part on the next patch release, probably tomorrow.

kassner commented 3 years ago

@ericmorand if you have the spare time, can you make a new release, please? Thank you!