Closed mallikde-kore closed 2 years ago
This is purposeful as newer versions of request and configstore aren't compatilble with old node versions and Bower is in maintenance mode: we don't break backward compatibility. I determined that these vulnerabilities aren't important enough to subject new breaking-release. The preferred upgrade method for someone who really cares about security is to migrate to Yarn: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
Package Name: request@2.67.0
Issues:
Package Name: configstore@2.1
Issue: Current version of configstore is using vulnerable version of dot-prop module. Suggesion: configstore fixed this vulneraility in 3.0.0 version. please upgrade configstore version higher than 3.0.0.