kelektiv / node.bcrypt.js

bcrypt for NodeJs
MIT License
7.43k stars 510 forks

Update @mapbox/node-pre-gyp to 1.0.6 #904

Closed hensansi closed 2 years ago

hensansi commented 2 years ago

https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/

hensansi commented 2 years ago

Hey, I created this PR and I hope I followed all the guidelines. I only updated the @mapbox/node-pre-gyp dependency and ran npm i --package-lock-only.

hensansi commented 2 years ago

More information can be found here: https://snyk.io/vuln/npm:tar@6.1.0

hensansi commented 2 years ago

Actually, my mistake: I just noticed that I probably just need to update my yarn.lock, https://snyk.io/test/npm/@mapbox/node-pre-gyp/1.0.2?tab=dependencies

jeremyVignelles commented 2 years ago

This is probably still needed because when I run npm install bcrypt, it still picks @mapbox/node-pre-gyp@1.0.0 by default.

Could you reopen this?