Open plynchnlm opened 8 years ago
The motivation for this is that the 0.4.3 version depends on ~0.7.0 of google-cdn, which depends on package debug which pulls in a vulnerable version of ms. If a new version is tagged, then it can be referenced with bower and version 1.0.0 of google-cdn will be selected, which won't pull in the vulnerable ms.
+1 semver was also updated in google-cdn 1.0.0 (which solves some bugs around pulling beta versions of scripts)
I see google-cdn was updated (almost a year ago). Could you tag a new version that includes that change? The latest tagged version is 0.4.3 which doesn't have it.