search

kentcdodds / nps-utils

Utilities for http://npm.im/nps (npm-package-scripts)
https://doclets.io/kentcdodds/nps-utils/master
MIT License
101 stars 23 forks source link

Security vulnerability in `concurrently` -> `tree-kill` #44

Open twalker opened 4 years ago

twalker commented 4 years ago

A security vulnerability has recently been reported for a nested dependency: nps-utils> concurrently > tree-kill https://npmjs.com/advisories/1432

Concurrently has updated it's dependencies to address the vulnerability: https://github.com/kimmobrunfeldt/concurrently/releases/tag/v5.0.2

Updating to concurrently@v5.0.2 ought to remediate the vulnerability. I attempted to do so in a fork, but tests fail for me so I can't confidently make the updates.

Thank you for this great project along with nps, it's really brought clarity to npm scripts in my projects.