Closed jkutianski closed 6 years ago
At a guess I'd say the advisory had a typo with the vulnerable versions that was updated after it was published. David doesn't automatically update advisories info it already knows about. I've restarted the service (which clears the advisories cache) and your dependency is now showing as not vulnerable.
HTH
Thanks Alan. Now it;s OK.
I updated Superagent to 3.7.x on my package but it's still marked as vulnerable on https://david-dm.org/jkutianski/meetup-api