Closed jroebu14 closed 3 years ago
Latest commit: 89c9ae99cd6ac6958ca8622a5f259295c88bb28e
The changes in this PR will be included in the next version bump.
Not sure what this means? Click here to learn what changesets are.
Click here if you're a maintainer who wants to add another changeset to this PR
Removes package
meow
from@manypkg/cli
. Themeow
package contains a vulnerable packagehosted-git-info@2.8.8
Introduced through:
@manypkg/cli@0.17.0 › meow@6.1.1 › normalize-package-data@2.5.0 › hosted-git-info@2.8.8
More info here: https://app.snyk.io/test/npm/@manypkg/cli/0.17.0#SNYK-JS-HOSTEDGITINFO-1088355
It appears to me that
meow
is not used anywhere in the codebase so it made sense to remove this package rather than upgrade it to a safe version.