gulpjs / liftoff

Launch your command line tool with ease.
MIT License

high severity vulnerability #107

Closed mcandre closed 2 years ago

mcandre commented 5 years ago

Update to findup-sync v4.0.0 to resolve a high severity vulnerability.

https://github.com/gulpjs/findup-sync/issues/48#issuecomment-511163133

$ npm audit
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ set-value                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt-cli [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt-cli > liftoff > findup-sync > micromatch > braces >    │
│               │ snapdragon > base > cache-base > set-value                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1012                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
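
Added example, not part of the issue thread or the liftoff project: a small Node.js helper that lists every dependency chain leading to a flagged package, so you can see which direct dependency has to be upgraded. It assumes the nested `dependencies` shape of `npm ls --json` output; the function names are hypothetical, the "before" tree is constructed from the Path row above, and the "after" tree is an assumed post-upgrade shape.

```javascript
'use strict';

// Return every chain of package names from the tree root down to `target`.
// `node` is assumed to look like `npm ls --json` output:
//   { dependencies: { "<name>": { dependencies: { ... } } } }
function findChains(node, target, prefix = [], onPath = new Set()) {
  const chains = [];
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    const chain = [...prefix, name];
    if (name === target) {
      chains.push(chain);
      continue;
    }
    if (onPath.has(name)) continue; // guard against cyclic dependency data
    onPath.add(name);
    chains.push(...findChains(child || {}, target, chain, onPath));
    onPath.delete(name);
  }
  return chains;
}

// Render chains in the "a > b > c" form that npm audit prints.
function formatChains(tree, target) {
  return findChains(tree, target).map((chain) => chain.join(' > '));
}

// Direct (top-level) dependencies through which the target is reachable.
function directDependents(tree, target) {
  return [...new Set(findChains(tree, target).map((chain) => chain[0]))];
}

// Helper for the constructed samples: turn one chain into a nested tree.
function treeFromChain(names) {
  return names.reduceRight((child, name) => ({ dependencies: { [name]: child } }), {});
}

// Constructed sample: the single path shown in the audit output above.
const AUDIT_PATH = ['grunt-cli', 'liftoff', 'findup-sync', 'micromatch', 'braces',
  'snapdragon', 'base', 'cache-base', 'set-value'];
const before = treeFromChain(AUDIT_PATH);
// Assumed tree after the requested upgrade (constructed, not real npm output):
// the chain below findup-sync no longer reaches set-value.
const after = treeFromChain(AUDIT_PATH.slice(0, 4));

console.log('before:', formatChains(before, 'set-value'));
console.log('after: ', formatChains(after, 'set-value'));
```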

nitinsurana commented 4 years ago

https://github.com/js-cli/js-liftoff/pull/108