webpro / dyson

Node server for dynamic, fake JSON.

dyson dependencies fail npm security audit #90

Closed bsmithb2 closed 6 years ago

bsmithb2 commented 6 years ago

Hi,

dyson 2.0.0 has a fixed dependency on serve-favicon 2.4.3, which has a dependency on fresh 0.5.0.

Fresh versions prior to 0.52.0 have an audit vulnerability, as discoverable with npm audit - https://nodesecurity.io/advisories/526

Is it possible to migrate to a version of serve-favicon greater than or equal to 2.4.5? This will resolve the vulnerability.

Thanks!
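The dependency chain reported above, traced programmatically (an added example, not part of the original issue or the dyson code base). It walks a tree shaped like `npm ls --json` output and reports every chain ending in a flagged version; `sampleTree`, `my-app`, `example-lib` and both function names are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample shaped like `npm ls --json` output. Only the
// dyson > serve-favicon > fresh versions come from the issue; the
// root and `example-lib` are made up to show an unaffected path.
const sampleTree = {
  name: 'my-app',
  version: '1.0.0',
  dependencies: {
    dyson: {
      version: '2.0.0',
      dependencies: {
        'serve-favicon': {
          version: '2.4.3',
          dependencies: { fresh: { version: '0.5.0' } }
        }
      }
    },
    'example-lib': {
      version: '1.2.3',
      dependencies: { fresh: { version: '9.9.9' } }
    }
  }
};

// Return every dependency chain that ends in a flagged name@version.
function findDependencyPaths(node, target, trail = []) {
  const here = trail.concat(`${node.name}@${node.version}`);
  const hits = [];
  if (node.name === target.name && target.versions.includes(node.version)) {
    hits.push(here.join(' > '));
  }
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    hits.push(...findDependencyPaths({ name, ...child }, target, here));
  }
  return hits;
}

// The root's direct dependencies that each chain runs through. If the
// pin sits deeper in the chain, the fix has to come from upstream.
function directDependenciesToFix(tree, target) {
  const chains = findDependencyPaths(tree, target).map((p) => p.split(' > '));
  return [...new Set(chains.filter((c) => c.length > 1).map((c) => c[1]))];
}

const flagged = { name: 'fresh', versions: ['0.5.0'] };
console.log(findDependencyPaths(sampleTree, flagged));
console.log(directDependenciesToFix(sampleTree, flagged));
```

Here the only direct dependency implicated is dyson, and the pinned serve-favicon sits inside it, which is why the consumer cannot resolve the audit finding without a new dyson release.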

webpro commented 6 years ago

Updated dependencies in v2.0.1

lorilew commented 5 years ago

Does the version need updating so it can be released to npm?

webpro commented 5 years ago

No worries @lorilew, I use release-it for this :)