shinate / gulp-version-number

Add version number to js/css/image in HTML
MIT License

High vulnerability for dependency: fs-path #5

Open andzejsw opened 6 years ago

andzejsw commented 6 years ago

High: Command Injection
Package: fs-path
Patched in: No patch available
Dependency of: gulp-version-number
Path: gulp-version-number > fs-path
More info: https://nodesecurity.io/advisories/661

dippas commented 5 years ago

I'm having this too due to gulp-util being deprecated. Can this be fixed by using updated/alternative packages?

S-n-d commented 5 years ago

Any update on this? This gulp plugin is perfect but impossible to use due to high risk.

LC43 commented 4 years ago

If anyone is still out there, I've made a PR to fix this. Please have a look and improve it if you can. See #13. Thanks! PS: If you want to fix the audit for this packaging using old gulp, check #14 ;)