sparrell / SbomPoc-sFractal

webserver with status of SBOM Poc
MIT License

Fix dependabot alert #67

Open sparrell opened 4 years ago

sparrell commented 4 years ago

See https://github.com/sparrell/TwinklyHaHa/network/alert/assets/package-lock.json/serialize-javascript/open.

Fix this issue on twinklyHaha and see if on twinklyMaha as well and fix there. Ditto sbompoc.


Dependabot cannot update serialize-javascript to a non-vulnerable version.

The latest possible version that can be installed is 2.1.2 because another dependency is locking serialize-javascript to a vulnerable version range.

The earliest fixed version is 3.1.0.

CVE-2020-7660
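One way to find which parent package pins serialize-javascript below the fixed 3.1.0, which is the situation the Dependabot message above describes. This is an added example, not part of the issue thread or the repository's code; the lock data is constructed, the parent package names are hypothetical, and the range check assumes plain x.y.z versions with only exact, `~` and `^` ranges.

```javascript
// Constructed sample in package-lock.json v1 layout; parent names are hypothetical.
const sampleLock = { dependencies: {
  "parent-a": { version: "4.2.3", requires: { "serialize-javascript": "^2.1.2" } },
  "parent-b": {
    version: "3.0.8",
    requires: { "serialize-javascript": "^3.1.0" },
    dependencies: { "serialize-javascript": { version: "3.1.0" } },
  },
  "serialize-javascript": { version: "2.1.2" },
} };

// Assumption: plain x.y.z versions, no pre-release tags.
const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// True if the range can be satisfied by some release >= fixed.
// Assumption: only exact, ~ and ^ ranges are handled.
function rangeAllows(range, fixed) {
  const op = /^[\^~]/.test(range) ? range[0] : "";
  const lo = parse(range.slice(op.length));
  const f = parse(fixed);
  if (op === "") return cmp(lo, f) >= 0;       // exact pin
  let hi;                                      // exclusive upper bound
  if (op === "~") hi = [lo[0], lo[1] + 1, 0];
  else if (lo[0] > 0) hi = [lo[0] + 1, 0, 0];
  else if (lo[1] > 0) hi = [0, lo[1] + 1, 0];
  else hi = [0, 0, lo[2] + 1];
  return cmp(hi, f) > 0;
}

// Walk every entry (including nested ones) and report each parent whose
// declared range for `target` excludes all releases >= fixed.
function findBlockers(lock, target, fixed) {
  const blockers = [];
  const walk = (deps, path) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const range = entry.requires && entry.requires[target];
      if (range && !rangeAllows(range, fixed)) {
        blockers.push({ parent: [...path, name].join(" > "), range });
      }
      walk(entry.dependencies, [...path, name]);
    }
  };
  walk(lock.dependencies, []);
  return blockers;
}

console.log(findBlockers(sampleLock, "serialize-javascript", "3.1.0"));
```

Each reported parent has to be upgraded (or overridden) before the lock file can resolve serialize-javascript to a fixed release.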

sigu commented 3 years ago

Updated mix and npm deps for