gulpjs / liftoff

Launch your command line tool with ease.
MIT License
840 stars 52 forks

NONBREAKING: Uplift findup-sync to 4.0.0 to fix prototype pollution vulnerability #109

Closed dclayton-diig closed 4 years ago

dclayton-diig commented 4 years ago

Hi @tkellen / @phated

findup-sync 3.0.0 has a Prototype Pollution vulnerability that is fixed in version 4.0.0

js-liftoff is a dependency of Knex DB. We're using this in multiple production projects in a commercial environment. Please can you expedite this pull request so that we can then fix the vulnerability in Knex.

I have tested this as a non-breaking fix.

Happy to answer any questions

dclayton-diig commented 4 years ago

FYI the build job is failing because the job builds with Node <= 6 and micromatch uses the spread operator.

phated commented 4 years ago

That would make this breaking then.