search

browserslist / browserslist-ga

🦔 Target browsers tailored to your audience using Google Analytics
MIT License
303 stars 18 forks source link

Packages need updating in general #27

Closed ssong closed 4 years ago

ssong commented 4 years ago

The prior fix upgraded only up to v38, the issue is patched in 39.1.0.

ssong commented 4 years ago

There are 141 high and 1 critical vulns in the current package list.

dmfrancisco commented 4 years ago

Can you explain what you mean by prior fix? Could you send a PR with your changes?

ssong commented 4 years ago

So this was the PR that got merged and was meant to have fixed it.

https://github.com/browserslist/browserslist-ga/pull/21

When I upgraded the packages today that I noticed that the audit warning was still there and it seems that it was upgraded to the wrong version?

Tried to find out if there had been changes to the advisory or if I mistakenly thought that v38 was the patched version but I’m a tad bit baffled.

But either way, willing to pick this one up if no one else has picked it up yet.