Closed davidcui1225 closed 3 years ago
Why are those considered CVEs? I didn't see any alert in the security tab of this repo
Why are those considered CVEs? I didn't see any alert in the security tab of this repo
From the ODFE Whitesourcing these are all identified as vulnerable packages of high severity
Merging #304 (09da162) into dev (837601f) will not change coverage. The diff coverage is
n/a
.
@@ Coverage Diff @@
## dev #304 +/- ##
=======================================
Coverage 77.67% 77.67%
=======================================
Files 32 32
Lines 1805 1805
Branches 353 356 +3
=======================================
Hits 1402 1402
Misses 398 398
Partials 5 5
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 837601f...09da162. Read the comment docs.
Issue #, if available: N/A Description of changes: Upgrade vulnerable package versions to address high-severity CVEs
trim
to1.0.0
doc-path
to2.1.2
y18n
to5.0.5
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.