sindresorhus / meow

🐈 CLI app helper
MIT License
3.53k stars 150 forks

Update trim-newlines dependency to fix security vulnerability #187

Closed martaProsniak closed 3 years ago

martaProsniak commented 3 years ago

Hi,

could you please update trim-newlines as it has high security vulnerability?

NPM audit report:

High: Regular Expression Denial of Service

Package: trim-newlines

Patched in: >=3.0.1 <4.0.0 || >=4.0.1

Overview: trim-newlines before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

Remediation: Upgrade to versions 3.0.1 or 4.0.1 or later

https://www.npmjs.com/advisories/1753

Thanks :)

sindresorhus commented 3 years ago

https://github.com/sindresorhus/meow/commit/a0daf207695c5caa438f39168308ca71984f6b8c

sindresorhus commented 3 years ago

And to be clear: The vulnerability does not apply to Meow.

martaProsniak commented 3 years ago

Ok, sorry. Thanks for the quick reply.

ryankashi commented 3 years ago

Hi there! Sorry for the dumb question, however I am currently using a package that lists meow as one of its dependencies.

I see that you have already updated meow to properly address this security vulnerability, however the package that I am using (that lists meow as a dependency) has not yet updated their meow version.

How would I go about correctly updating my meow dependency for my other package that lists meow as its dependency in order to properly remove this vulnerability?

Thanks!

voxpelli commented 3 years ago

@ryankashi Do a lock file maintenance procedure, either a full npm update or I think a specific npm install foo (if foo is the package you want to have updated subdependencies for) should work. See e.g.: https://docs.npmjs.com/cli/v6/configuring-npm/package-locks