In projects using @manypkg/cli@0.18.0 (latest), npm audit flags a vulnerability. In tracing the dependency tree, @manypkg/get-packages is a full version behind on it's dependency declaration for globby@^11.0.0. By updating this to ^12.0.1, the vulnerability will be fixed.
This update would require releasing a patch for @manypkg/get-packages then a subsequent patch to @manypkg/cli updating the dependency on get-packages to the new version.
emmatown
commented
1 year ago
In projects using
@manypkg/cli@0.18.0(latest),npm auditflags a vulnerability. In tracing the dependency tree,@manypkg/get-packagesis a full version behind on it's dependency declaration forglobby@^11.0.0. By updating this to^12.0.1, the vulnerability will be fixed.This update would require releasing a patch for
@manypkg/get-packagesthen a subsequent patch to@manypkg/cliupdating the dependency on get-packages to the new version.