Closed sarahmmcb closed 2 years ago
Your lockfile. I recommend researching how lockfiles work.
@phated There is a security vulnerability in "copy-props": "^2.0.1", which is used in the gulp-cli@2.3.0 package. copy-props 2.0.5 is available and it does not have any security vulnerability. Is there any plan to update it? I see many tickets related to this have been asked and closed as spam.
Hi, I'm a bit new to this, so I apologize if this turns out to be 'noise.' My project is currently flagging copy-props@2.0.4 as a vulnerability. It lists gulp-cli@2.3.0 as the only package dependent on this (included because I am using gulp@4.0.2). GitHub has informed me that the fix is in version 2.0.5. I viewed your package.json, and it lists "copy-props": "^2.0.1". Do you know why it might be installing version 2.0.4 instead of version 2.0.5 or higher? Thank you.
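
The lockfile answer in this thread, as an added example that is not part of the original posts or of the gulp project's code: a declared range such as "^2.0.1" only says what is allowed, while the lockfile records the exact version that gets installed. The lockfile object below is constructed in npm's "packages" layout, `satisfiesCaret` and `explainPin` are hypothetical helper names, and only plain `^x.y.z` ranges are handled.

```javascript
// Constructed sample in the npm lockfile (v2/v3) "packages" layout, trimmed to
// the two entries discussed in the thread. Not a real lockfile.
const lock = {
  packages: {
    "node_modules/gulp-cli": {
      version: "2.3.0",
      dependencies: { "copy-props": "^2.0.1" }, // declared range
    },
    "node_modules/copy-props": { version: "2.0.4" }, // exact pin
  },
};

const parse = (v) => v.split(".").map(Number);

// Compare two plain x.y.z versions: negative, zero or positive.
function cmp(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Caret range: at or above the base, below the next bump of the leftmost
// non-zero component. Hypothetical helper; handles plain ^x.y.z only.
function satisfiesCaret(version, range) {
  if (!/^\^\d+\.\d+\.\d+$/.test(range)) throw new Error("unsupported range: " + range);
  const base = parse(range.slice(1));
  let i = base.findIndex((n) => n !== 0);
  if (i === -1) i = 2;
  const upper = base.map((n, k) => (k < i ? n : k === i ? n + 1 : 0));
  return cmp(version, base.join(".")) >= 0 && cmp(version, upper.join(".")) < 0;
}

// Hypothetical helper: report what the lockfile pins for `name` and whether
// every dependent's declared range already accepts `fixedVersion`.
function explainPin(lockfile, name, fixedVersion) {
  const pinned = lockfile.packages["node_modules/" + name].version;
  const dependents = [];
  for (const [path, meta] of Object.entries(lockfile.packages)) {
    const range = (meta.dependencies || {})[name];
    if (range) dependents.push({ path, range, allowsFix: satisfiesCaret(fixedVersion, range) });
  }
  const vulnerable = cmp(pinned, fixedVersion) < 0;
  // fixableByRelock: refreshing the pinned entry is enough; no dependent has
  // to publish a new release first.
  const fixableByRelock = vulnerable && dependents.every((d) => d.allowsFix);
  return { pinned, vulnerable, fixableByRelock, dependents };
}

console.log(explainPin(lock, "copy-props", "2.0.5"));
```

When `fixableByRelock` is true, the advisory is resolved in the consuming project by refreshing the pinned entry in its own lockfile, not by a new release of the dependent package.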