microsoft / vscode-debugadapter-node

Debug adapter protocol and implementation for VS Code.

Security alert with minimist 0.0.8 package #233

Closed 0Steve0 closed 4 years ago

0Steve0 commented 4 years ago

Debug adapter protocol depends on mkdirp ^0.5.1, which has a dependency on minimist 0.0.8. Recently, a security vulnerability was found in minimist 0.0.8; please refer to VS Code April 2020 for more details.

weinand commented 4 years ago

Thanks. Please note that the DAP is not an npm module but just a JSON schema. Using this schema does not add any dependencies.

weinand commented 4 years ago

@0Steve0 where do you see the security alert? I cannot find any dependency on mkdirp ^0.5.1.

0Steve0 commented 4 years ago

It's vscode-debugadapter (1.38) that depends on mkdirp (0.5.1), which uses minimist (0.0.8).
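
The dependency chain named in the last comment can be traced mechanically from a lockfile. The following is an added example, not code from the vscode-debugadapter project or from any commenter: it walks a constructed object in npm lockfile v1 shape and reports every path from a direct dependency to a given package version. `sampleLock`, `some-cli`, `resolve` and `findChains` are hypothetical names, and the list of direct dependencies is assumed to come from the project's `package.json`.

```javascript
// Constructed lockfile (npm v1 shape). Names and versions of the first three
// packages are as quoted in the thread; "some-cli" is hypothetical.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "vscode-debugadapter": { version: "1.38", requires: { mkdirp: "^0.5.1" } },
    mkdirp: { version: "0.5.1", requires: { minimist: "0.0.8" } },
    minimist: { version: "0.0.8" },
    "some-cli": {
      version: "2.0.0",
      requires: { minimist: "^1.2.5" },
      // Nested copy: shadows the hoisted minimist for some-cli only.
      dependencies: { minimist: { version: "1.2.5" } },
    },
  },
};

// Resolve a name like Node does: innermost node_modules first, then outward.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const entry = scopes[i][name];
    if (entry) return { entry, scopes: scopes.slice(0, i + 1) };
  }
  return null;
}

// Return every "a@x > b@y > target@version" path starting at a direct dependency.
function findChains(lock, directDeps, target, version) {
  const chains = [];
  const walk = (name, scopes, path) => {
    const found = resolve(name, scopes);
    if (!found) return;
    const label = `${name}@${found.entry.version}`;
    if (path.includes(label)) return; // guard against dependency cycles
    const next = [...path, label];
    if (name === target && found.entry.version === version) {
      chains.push(next.join(" > "));
      return;
    }
    const inner = [...found.scopes, found.entry.dependencies || {}];
    for (const req of Object.keys(found.entry.requires || {})) walk(req, inner, next);
  };
  for (const dep of directDeps) walk(dep, [lock.dependencies || {}], []);
  return chains;
}

console.log(findChains(sampleLock, ["vscode-debugadapter", "some-cli"], "minimist", "0.0.8"));
```

Because resolution honours nested `dependencies`, a package that ships its own copy of minimist is not reported against the hoisted 0.0.8 copy.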