jednano / eclint

Validate or fix code that doesn't adhere to EditorConfig settings or infer settings from existing code.
MIT License
305 stars 28 forks

os-locale dependency vulnerable #168

Open mcandre opened 5 years ago

mcandre commented 5 years ago

Please update the os-locale dependency in order to resolve a vulnerability in mem.

https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b

https://www.npmjs.com/package/os-locale

mcandre commented 5 years ago

Ah, I had mistakenly calculated the wrong source for this dependency. Looks like eclint updated os-locale and mem a while ago.

GitHub reporting does not provide the dependency chain. In fact, my old mem version is coming from eclint's version of gulp-reporter.

Please update or replace gulp-reporter.
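The missing dependency chain mentioned above can be recovered from the lockfile. The sketch below is an added example, not part of the original thread or of eclint: it assumes the npm `packages` lockfile layout (lockfileVersion 2 or 3), and the lockfile contents and all version numbers in it are constructed placeholders.

```javascript
// Constructed lockfile fragment: two copies of "mem", one hoisted, one nested.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { devDependencies: { eclint: "*" } },
    "node_modules/eclint": { version: "9.9.9",
      dependencies: { "os-locale": "*", "gulp-reporter": "*" } },
    "node_modules/os-locale": { version: "2.0.0", dependencies: { mem: "*" } },
    "node_modules/mem": { version: "2.0.0" },
    "node_modules/gulp-reporter": { version: "9.9.9",
      dependencies: { "os-locale": "*" } },
    "node_modules/gulp-reporter/node_modules/os-locale": { version: "1.0.0",
      dependencies: { mem: "*" } },
    "node_modules/gulp-reporter/node_modules/mem": { version: "1.0.0" },
  },
};

// Node-style resolution: nearest node_modules first, then walk up to the root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Return every chain (array of "name@version") from the root to `target`.
function findChains(lock, target) {
  const packages = lock.packages;
  const chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const child = resolve(packages, path, name);
      if (!child || seen.has(child)) continue; // missing or cyclic
      const next = [...trail, `${name}@${packages[child].version}`];
      if (name === target) { chains.push(next); continue; }
      walk(child, next, new Set(seen).add(child));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

for (const c of findChains(sampleLock, "mem")) console.log(c.join(" > "));
```

On a real project, `npm ls mem` prints the same kind of tree from the installed packages.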