Bump version kind-of to 6.0.3 to fix CVE-2019-20149

jonschlinkert / global-prefix

Get the npm global path prefix. Same code used internally by npm.

MIT License

28 stars 12 forks source link

Bump version kind-of to 6.0.3 to fix CVE-2019-20149 #23

Closed adelyafatykhova closed 2 weeks ago

adelyafatykhova commented 4 years ago

Description

Due to CVE-2019-20149, a new version of kind-of has been released.

Since global-prefix uses 6.0.2, this raises security flags.

doowb commented 4 years ago

Thanks for the PR, but this isn't necessary right now. 6.0.3 will automatically be used due to the semver range. When other changes are made to this package, we'll merge it in at that time.

phated commented 2 weeks ago

I've ensured ^6.0.3 is specified in the v4.0.0 release.