jonschlinkert / global-prefix

Get the npm global path prefix. Same code used internally by npm.
MIT License

fixes gh-26 CVE-2020-7788 #27

Closed goatandsheep closed 2 years ago

goatandsheep commented 3 years ago

Updated ini to 1.3.8

Fixes #26

CVE-2020-7788

phated commented 3 years ago

Hey @goatandsheep - the caret (^) in the semver range actually means you will already get that bugfix patch! You just need to remove your lockfile and reinstall your dependencies.

goatandsheep commented 3 years ago

Thanks @phated for the reply, but this really makes sure that libraries that depend on this are updated. Are there any issues with this PR?

phated commented 3 years ago

No issues other than version churn for the sake of version churn. If a library depends on this, they should be following the semver convention to get patch updates. Maybe you can open an issue upstream on those.
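The caret-range point from the thread, as an added example that is not part of the PR or the project's code: it walks a lockfile, finds dependents whose locked `ini` is older than 1.3.8, and reports whether the declared range would pick up the fix on a fresh install. The lockfile contents, the `dependent-a`/`dependent-b` names, their ranges and the helper names are all constructed for illustration.

```javascript
// Added example; the lockfile and helper names are constructed.
const FIXED = '1.3.8'; // ini version the PR updates to

const parse = (v) => v.split('.').map(Number);

// Compare two x.y.z versions: negative, zero or positive.
function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Does `range` admit `version`? Handles exact pins and plain ^x.y.z only.
function rangeAllows(range, version) {
  if (/^\d+\.\d+\.\d+$/.test(range)) return cmp(range, version) === 0;
  const m = /^\^(\d+\.\d+\.\d+)$/.exec(range);
  if (!m) throw new Error(`unsupported range: ${range}`);
  if (cmp(version, m[1]) < 0) return false;
  // A caret freezes everything up to the left-most non-zero component.
  const base = parse(m[1]), v = parse(version);
  const idx = base.findIndex((n) => n !== 0);
  const frozen = idx === -1 ? 3 : idx + 1;
  return base.slice(0, frozen).every((n, i) => v[i] === n);
}

// For each package that depends on ini and is locked below the fix, report
// whether re-resolving (dropping the lockfile) would reach the fix.
// Simplification: looks for a nested copy, then the hoisted root copy.
function auditLock(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages)) {
    const range = pkg.dependencies && pkg.dependencies.ini;
    if (!range) continue;
    const copy = lock.packages[`${path}/node_modules/ini`] || lock.packages['node_modules/ini'];
    if (!copy || cmp(copy.version, FIXED) >= 0) continue;
    findings.push({ dependent: path, range, locked: copy.version,
      fixedByReinstall: rangeAllows(range, FIXED) });
  }
  return findings;
}

// Constructed package-lock.json (lockfileVersion 2 layout), not from the repo.
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'example-app', dependencies: { 'dependent-a': '1.0.0', 'dependent-b': '1.0.0' } },
  'node_modules/dependent-a': { version: '1.0.0', dependencies: { ini: '^1.3.4' } },
  'node_modules/dependent-b': { version: '1.0.0', dependencies: { ini: '1.3.4' } },
  'node_modules/dependent-b/node_modules/ini': { version: '1.3.4' },
  'node_modules/ini': { version: '1.3.5' },
} };

console.table(auditLock(sampleLock));
```

A dependent with `fixedByReinstall: false` pins `ini` outside any range that includes 1.3.8, so it needs a manifest change upstream rather than a lockfile refresh.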