Closed stephtr closed 5 years ago
According to CVE-2019-10747 set-value@<2.0.1 is vulnerable and should be updated, which is done by this PR.
set-value@<2.0.1
Thanks for checking that. The updated dependents still need v2, so we can't update to v3 anyhow.
According to CVE-2019-10747
set-value@<2.0.1
is vulnerable and should be updated, which is done by this PR.