Closed hensansi closed 2 years ago
Hey, I created this PR and I hope I followed all the guidelines. I only updated the @mapbox/node-pre-gyp
dependency and run npm i --package-lock-only
More information can be found here https://snyk.io/vuln/npm:tar@6.1.0
Actually my mistake I just noticed that I probably just need to update my yarn.lock, https://snyk.io/test/npm/@mapbox/node-pre-gyp/1.0.2?tab=dependencies
This is probably still needed because when I run npm install bcrypt
, it still picks @mapbox/node-pre-gyp@1.0.0
by default.
Could you reopen this ?
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/