Closed kamalyzl closed 3 years ago
Hi @kamalyzl and thank you for the issue. Since the vulnerability in ini@1.3.5
was patched in ini@1.3.6
and this module uses the ^
in the version, then NPM's semver will handle downloading the correct version.
If you are still having issues, take a look at this guide for advice on ensuring NPM gets the correct version.
I'm going to close this now, but when we make other changes to the code in this module, we'll also evaluate updating the dependencies.
A security assessment was performed and vulnerabilities were found to dependency ini "^1.3.5"
It is requested to update from version ini "^1.3.5" to ini "^1.3.6" being version 2.0.0 the last stable