eyalbe4
commented
7 years ago @snyk-community, thank you for this PR! Can you please sign JFrog's CLA so that we can merge this?
Closed snyk-community closed 7 years ago
eyalbe4
commented
7 years ago @snyk-community, thank you for this PR! Can you please sign JFrog's CLA so that we can merge this?
prycec
commented
7 years ago Is there a plan to merge this change soon ?
eyalbe4
commented
7 years ago @prycec, since we can't merge this pull request, we'll soon implement this through a different commit.
eyalbe4
commented
7 years ago @prycec and @snyk-community, Version 2.0.8 of the bower-art-resolver package includes the change.
bower-art-resolver currently has a 2 vulnerable dependency paths, introducing 2 different types of known vulnerabilities.
This PR fixes vulnerable dependencies.
hawkdependency.requestdependency.You can see Snyk test report of this project for details.
This PR changes
Package.jsonto upgraderequestto the newer 2.74.0 version, and will fix all the vulnerabilities.You can get alerts and fix PRs for future vulnerabilities for free by watching this repo with Snyk.
Stay Secure, The Snyk Team