mcollina / msgpack5

A msgpack v5 implementation for node.js, with extension points / msgpack.org[Node]
MIT License

[snyk test] newer bl is needed as a dependency #83

Closed jisoolee closed 4 years ago

jisoolee commented 4 years ago

When I run snyk test, the result shows

✗ Remote Memory Exposure [High Severity][https://snyk.io/vuln/SNYK-JS-BL-608877] in bl@2.2.0
    introduced by msgpack5@4.2.1 > bl@2.2.0
  This issue was fixed in versions: 2.2.1, 3.0.1, 4.0.3

More details: https://snyk.io/vuln/SNYK-JS-BL-608877

Could you update package.json to pick up a higher version of bl?

Thank you in advance.

mcollina commented 4 years ago

You should just update your dependencies, the current version range includes the one with the fix.
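
A lockfile check for the situation in this thread, added here as an example (not code from msgpack5 or snyk): it lists every resolved `bl` in a package-lock.json and compares it with the fixed versions quoted in the snyk output. The sample lockfile and the `example-pkg` name are constructed; majors below 2 are reported as unknown because the output names no fix for them.

```javascript
// Fixed releases per major line, taken from the snyk output quoted in the issue.
const FIXED = { 2: [2, 2, 1], 3: [3, 0, 1], 4: [4, 0, 3] };

// Classify one resolved bl version as 'fixed', 'vulnerable' or 'unknown'.
function status(version) {
  const [major, minor, patch] = version.split('-')[0].split('.').map(Number);
  if (major > 4) return 'fixed';          // newer than the last fixed line listed
  const fix = FIXED[major];
  if (!fix) return 'unknown';             // no fixed release listed for this major
  const [, fMinor, fPatch] = fix;
  return minor > fMinor || (minor === fMinor && patch >= fPatch) ? 'fixed' : 'vulnerable';
}

// Collect every resolved copy of bl from a parsed package-lock.json.
function auditBl(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === 'node_modules/bl' || path.endsWith('/node_modules/bl')) {
        hits.push({ path, version: meta.version });
      }
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        if (name === 'bl') hits.push({ path: [...trail, name].join(' > '), version: meta.version });
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits.map((h) => ({ ...h, status: status(h.version) }));
}

// Constructed sample: a stale lockfile that still pins bl@2.2.0 for msgpack5.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    msgpack5: { version: '4.2.1' },
    bl: { version: '2.2.0' },
    'example-pkg': { version: '1.0.0', dependencies: { bl: { version: '4.0.3' } } },
  },
};

console.log(auditBl(sampleLock));
```

A `vulnerable` entry means the lockfile still pins an old resolution and the dependency tree needs to be updated so the lockfile is rewritten.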