Closed gorner closed 1 year ago
Dependabot says our app is dependent on a vulnerable version of simple-git but:
simple-git
ember-cli-deploy-lightning-pack@4.2.2 requires simple-git@^1.57.0 via ember-cli-deploy-revision-data@1.0.0 No patched version available for simple-git
simple-git was updated to v3.3.0 in v2 of ember-cli-deploy-revision-data (https://github.com/ember-cli-deploy/ember-cli-deploy-revision-data/pull/86), no clear blocker to updating the latter here.
ember-cli-deploy-revision-data
(and yes, aware the practical risk is probably low here, we can use npm overrides etc. but still seems like best practice to update)
Dependabot says our app is dependent on a vulnerable version of
simple-git
but:simple-git
was updated to v3.3.0 in v2 ofember-cli-deploy-revision-data
(https://github.com/ember-cli-deploy/ember-cli-deploy-revision-data/pull/86), no clear blocker to updating the latter here.(and yes, aware the practical risk is probably low here, we can use npm overrides etc. but still seems like best practice to update)