TooTallNate
commented
1 year ago The semver ranges on all those dependencies are already loose enough to pick up the fixed version of vm2. Please update your lockfile.
Closed aaronwilson-1 closed 1 year ago
TooTallNate
commented
1 year ago The semver ranges on all those dependencies are already loose enough to pick up the fixed version of vm2. Please update your lockfile.
The dependancy chain needs to be updated to apply the patch for this critical vulnerability.
https://github.com/advisories/GHSA-7jxr-cg7f-gpgv
proxy-agent->pac-proxy-agent->pac-resolver->vm2