build: update configstore to include patched legacy dot-prop

yeoman / update-notifier

Update notifications for your CLI app

BSD 2-Clause "Simplified" License

1.76k stars 132 forks source link

build: update configstore to include patched legacy dot-prop #187

Closed cmdcarini closed 4 years ago

cmdcarini commented 4 years ago

This continues the work from https://github.com/yeoman/configstore/pull/72 and https://github.com/sindresorhus/dot-prop/pull/61 and updates update-notifier to include these changes.

Please merge to a branch other than master and publish to v2.5.1

ruyadorno commented 4 years ago

Given that dot-prop is a transitive dependency and the configstore declaration in the package.json file uses the caret range definition, this change is not really needed.

Any consumer of update-notifier just needs to run npm audit fix OR npm install update-notifier@2.5.0 in order to fix the vulnerability warning from dot-prop.

Thanks for the contribution! 😊