zkat / npx

execute npm package binaries (moved)
https://github.com/npm/npx

Medium severity vuln found in mem@1.1.0, introduced via yargs@11.1.0 #206

Open trollepierre opened 6 years ago

trollepierre commented 6 years ago

✗ Medium severity vuln found in mem@1.1.0, introduced via libnpx@10.2.0
Description: Denial of Service (DoS)
Info: https://snyk.io/vuln/npm:mem:20180117
From: libnpx@10.2.0 > yargs@11.1.0 > os-locale@2.1.0 > mem@1.1.0

eric-holmes commented 5 years ago

+1 for this!

rfultz commented 5 years ago

Any chance of seeing an update to use yargs@^12.0.2 (to get to os-locale 3 and then to mem 3)?