colbymorrison
commented
4 years ago From what I can see, the vulnerable versions of kind-of are only used by our dev-dependencies, not our direct dependencies. So, this is not a critical issue.
Open whaber opened 4 years ago
colbymorrison
commented
4 years ago From what I can see, the vulnerable versions of kind-of are only used by our dev-dependencies, not our direct dependencies. So, this is not a critical issue.
Upgrade kind-of dependency as the current versions in use (3.2.2, 4.0.0) have security vulnerabilities (Improper Input Validation in utils-extend, Type checking vulnerability in kind-of, etc)
https://www.npmjs.com/package/kind-of - the latest version is 6.0.3