gulpjs / liftoff

Launch your command line tool with ease.
MIT License
840 stars 52 forks

Update findup-sync to resolve security warning #116

Closed kibertoad closed 2 years ago

kibertoad commented 3 years ago

Fixes #107. Since this package is being reimplemented right now, it shouldn't hurt to release a new semver major resolving the security issues.

kibertoad commented 3 years ago

@phated This is ready for review.

vladikoff commented 3 years ago

@tkellen are you able to merge this, or could you grant me access so I can fix this for the grunt-cli package?

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ini                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt > grunt-cli > liftoff > findup-sync > resolve-dir >    │
│               │ global-modules > global-prefix > ini                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1589                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

tkellen commented 3 years ago

@vladikoff This project is actively maintained by @phated so I am going to defer to him on that for now. I will say that I think he is incredibly rude and standoffish and it's unclear to me why he routinely locks conversations and refuses to engage with people who make issues.