search

ember-cli-deploy / ember-cli-deploy-lightning-pack

An ember-cli-deploy plugin pack to implement a "lightning" deployment pattern
MIT License
37 stars 20 forks source link

Bump ember-cli-deploy-revision-data to v2? #91

Closed gorner closed 1 year ago

gorner commented 1 year ago

Dependabot says our app is dependent on a vulnerable version of simple-git but:

ember-cli-deploy-lightning-pack@4.2.2 requires simple-git@^1.57.0 via ember-cli-deploy-revision-data@1.0.0
No patched version available for simple-git

simple-git was updated to v3.3.0 in v2 of ember-cli-deploy-revision-data (https://github.com/ember-cli-deploy/ember-cli-deploy-revision-data/pull/86), no clear blocker to updating the latter here.

(and yes, aware the practical risk is probably low here, we can use npm overrides etc. but still seems like best practice to update)