boltpkg / bolt

⚡️ Super-powered JavaScript project management
MIT License
2.34k stars 84 forks

Bump inquirer (7.3.3) and meow (7.1.0) to fix sec vulns #278

Closed patrickcylai closed 3 years ago

patrickcylai commented 4 years ago

Bumping inquirer and meow to the latest version to fix the prototype pollution security vulnerability in lodash and yargs-parser.

zzarcon commented 3 years ago

Hi there!

Thanks for opening this PR. We are facing the same security issue with yargs-parser coming from meow, and this PR will solve the problem 🙏.

Can we have a look into this? Thanks!!

lukebatchelor commented 3 years ago

Released in 0.24.6

zzarcon commented 3 years ago

Awesome, thanks so much @lukebatchelor @Blasz 🚀