Closed lbineau closed 2 years ago
Dear developers,
I'd like to report a security issue with version 1.7.7 due to the usage of "a vulnerable version of async dependency".
npm audit fix --force would actually downgrade to version 1.4.1 which is not a good solution I believe.
npm audit fix --force
Could you do another release upgrading the vulnerable dependencies?
Thank you.
Hi @lbineau, thx for your issue. I will update the dependency shortly.
The issue should be fixed with release v1.8.0 https://www.npmjs.com/package/aem-clientlib-generator
Regards
Thanks a lot.
Dear developers,
I'd like to report a security issue with version 1.7.7 due to the usage of "a vulnerable version of async dependency".
npm audit fix --force
would actually downgrade to version 1.4.1 which is not a good solution I believe.Could you do another release upgrading the vulnerable dependencies?
Thank you.