dominique-mueller / hugo-installer

Installs hugo into your repository.
https://www.npmjs.com/package/hugo-installer
MIT License

Update semver #57

Open csparker247 opened 11 months ago

csparker247 commented 11 months ago

I've been using the Doks theme in my project and just got the following warning from Dependabot.

@hyas/doks-core@1.0.7 requires semver@7.3.x via a transitive dependency on hugo-installer@4.0.1

It links to this vulnerability. Since I don't really know your code base, I thought I'd ask if it's a problem to update semver to >= 7.5.2?

h-enk commented 10 months ago

@dominique-mueller, if you have some time, would you mind bumping the dependencies to their latest versions? Thanks in advance!

h-enk commented 8 months ago

For a quick fix, use overrides in your project's package.json:

  "overrides": {
    "semver": "^7.5.4"
  },

csparker247 commented 8 months ago

In case anyone is a Node noob like me, I needed to run npm install again to update package-lock.json with the override. Works, though.
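
To confirm that the override discussed in this thread actually reached the lock file, the check below lists every installed copy of semver that is still below 7.5.2. It is an added example, not part of the original thread or of hugo-installer; it assumes a package-lock.json with a "packages" map (lockfileVersion 2 or 3), and both sample lock files, including the 7.3.8 version and the example-site and @example/semver names, are constructed.

```javascript
// Parse the leading "major.minor.patch" of a version string.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: m.slice(1, 4).map(Number), prerelease: Boolean(m[4]) };
}

// True when `version` sorts below `minimum` (a plain x.y.z release).
function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.prerelease; // 7.5.2-beta.1 precedes 7.5.2
}

// List every installed copy of `name` in a parsed lockfile that is below `minimum`.
function findOutdated(lock, name, minimum) {
  if (!lock.packages) throw new Error('expected a lockfile with a "packages" map (v2 or v3)');
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages)
    .filter(([path, meta]) => (path === suffix || path.endsWith(`/${suffix}`)) && meta.version)
    .filter(([, meta]) => isBelow(meta.version, minimum))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample: lockfile before the override, with a nested copy pinned at 7.3.x.
const SAMPLE_LOCK_BEFORE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-site' },
    'node_modules/hugo-installer': { version: '4.0.1' },
    'node_modules/hugo-installer/node_modules/semver': { version: '7.3.8' },
    'node_modules/semver': { version: '7.5.4' },
    'node_modules/@example/semver': { version: '1.0.0' }, // scoped name, must not match
  },
};

// Constructed sample: the same tree after adding the override and re-running npm install.
const SAMPLE_LOCK_AFTER = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-site' },
    'node_modules/hugo-installer': { version: '4.0.1' },
    'node_modules/semver': { version: '7.5.4' },
  },
};
console.log(findOutdated(SAMPLE_LOCK_BEFORE, 'semver', '7.5.2'));
console.log(findOutdated(SAMPLE_LOCK_AFTER, 'semver', '7.5.2'));
```

For a real project, pass the parsed contents of package-lock.json as the first argument; an empty result means no copy below the requested version remains in the tree.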