Closed b34c0n5 closed 1 month ago
No vuln. so far, but better be one step ahead than behind.
package-lock.json is not included in npm packages and the version specifier is set to "^3.22.4" meaning anyone installing retire would get the latest 3.x.x version.
What does this do except update the version? What does it fix?