Closed jebarpg closed 5 months ago
first of all, for security-related concerns, please follow our security policy in the future.
npm needs to be updated to a higher version
you can already make this update in your project with no change to this project since we depend on npm as a range, rather than as a specific version. this is also one of the reasons we recommend installing and running with npx rather than capturing semantic-release as a dependency in your project. in your case, your lockfile is resulting in pulling an old version when there is already a fix available for this concern.
since this is already solvable without us releasing an update, I'm going to close this with the recommendation to update your lockfile or to switch to using npx instead.
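The lockfile point made in the comment above, as an added example that is not part of the original thread or of the semantic-release project's code: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and reports every copy of `tar` pinned below 6.2.1, the fixed version named in the report. The names `sampleLock`, `parseVersion`, `isBelow` and `findPinnedBelow` are hypothetical, and the lockfile content is constructed.

```javascript
// Constructed sample in package-lock.json v2/v3 shape ("packages" keyed by install path).
// All versions except the 6.2.1 fix version are placeholders, not real release data.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/semantic-release": { version: "0.0.0-placeholder" },
    "node_modules/npm": { version: "0.0.0-placeholder" },
    "node_modules/npm/node_modules/tar": { version: "6.2.0", inBundle: true },
    "node_modules/tar": { version: "6.2.1" },
  },
};

// Split "major.minor.patch[-prerelease]" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when `version` sorts below `fixed`; unparseable versions are reported for review.
function isBelow(version, fixed) {
  const a = parseVersion(version), b = parseVersion(fixed);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre && !b.pre; // a prerelease of the fixed version sorts below it
}

// List every installed copy of pkgName (top-level or nested) pinned below fixedVersion.
function findPinnedBelow(lock, pkgName, fixedVersion) {
  const suffix = "node_modules/" + pkgName;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith("/" + suffix)) &&
      meta.version && isBelow(meta.version, fixedVersion))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

console.log(findPinnedBelow(sampleLock, "tar", "6.2.1"));
```

The nested path in the result shows which parent package the lockfile is holding at an old resolution, which is the entry a lockfile refresh has to move.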
Thank you for informing me. I have updated my environment as well as fixed the package.json script, in the project I'm maintaining, for updating npm to keep up to date.
Your help is much appreciated.
Cheers!
no change to this project since we depend on npm as a range, rather than as a specific version.
@travi but the range you are allowing includes a version with a known vulnerability. Why not fix the issue?
Fixed in: @6.2.1 | Exploit maturity: MEDIUM
Overview
Remediation: Upgrade tar to version 6.2.1 or higher.
Seems like npm needs to be updated to a higher version to resolve this issue.