conventional-changelog / standard-version

:trophy: Automate versioning and CHANGELOG generation, with semver.org and conventionalcommits.org
ISC License
7.7k stars 797 forks

NPM audit reports low vulnerability in dependencies #592

Open LoganDupont opened 4 years ago

LoganDupont commented 4 years ago

Paths:

More info https://npmjs.com/advisories/1500

saadjutt01 commented 4 years ago

Low : Prototype Pollution
Package : yargs-parser
Patched in : >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
Dependency of : standard-version [dev]

on console.
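An added example, not part of the thread or of the project's code: a check that lists every `yargs-parser` copy in an npm lockfile whose version falls outside the "Patched in" range quoted in the comment above. The lockfile fragment and the function names are constructed for illustration, and it assumes the nested `dependencies` layout of a v1 `package-lock.json`.

```javascript
// "Patched in" range from the audit output: >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
const PATCHED = [
  { min: [13, 1, 2], below: [14, 0, 0] },
  { min: [15, 0, 1], below: [16, 0, 0] },
  { min: [18, 1, 2], below: null }, // no upper bound
];

// Parse "MAJOR.MINOR.PATCH"; prerelease/build suffixes are ignored (simplification).
function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isPatched(version) {
  const v = parse(version);
  return PATCHED.some(r => cmp(v, r.min) >= 0 && (r.below === null || cmp(v, r.below) < 0));
}

// Walk the nested "dependencies" tree and collect every copy of the package
// that is outside the patched range, with its install location in the tree.
function findUnpatched(lock, name = 'yargs-parser') {
  const hits = [];
  (function walk(deps, path) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = [...path, dep];
      if (dep === name && !isPatched(info.version)) {
        hits.push({ path: here.join(' > '), version: info.version });
      }
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed lockfile fragment; all versions are placeholders for illustration.
const sampleLock = { dependencies: {
  'standard-version': { version: '0.0.0', dependencies: {
    'yargs-parser': { version: '10.1.0' },
    'yargs': { version: '0.0.0', dependencies: { 'yargs-parser': { version: '18.1.3' } } },
  } },
  'yargs-parser': { version: '13.1.1' },
} };
console.log(findUnpatched(sampleLock));
```

Several copies of the same package can sit at different depths of the tree, so the walk reports each location separately instead of stopping at the first match.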

timbru31 commented 4 years ago

Both conventional-recommended-bump@6.0.9 and git-semver-tags@4.0.0 have already been released - we just need a review and merge of their dependency PRs: #588 #598

Can someone please take care of this and release a new version? The PRs have been open for >1 month now...

jbottigliero commented 4 years ago

Hi, we've published 8.0.1 which includes updates for both of these dependencies.

nmccready commented 3 years ago

Any updates please?