Skip to content

Commit

Permalink
Updates resolve vulnerabilities found via npm audit
Browse files Browse the repository at this point in the history 
```
yargs-parser  <=13.1.1 || 14.0.0 - 15.0.0 || 16.0.0 - 18.1.1
Prototype Pollution - https://npmjs.com/advisories/1500
fix available via `npm audit fix --force`
Will install gulp@3.9.1, which is a breaking change
node_modules/yargs/node_modules/yargs-parser
  yargs  4.0.0-alpha1 - 12.0.5 || 14.1.0 || 15.0.0 - 15.2.0
  Depends on vulnerable versions of yargs-parser
  node_modules/yargs
    gulp-cli  >=2.0.0
    Depends on vulnerable versions of yargs
    node_modules/gulp-cli
      gulp  >=4.0.0
      Depends on vulnerable versions of gulp-cli
      node_modules/gulp

4 low severity vulnerabilities
```

there are still "low severity" vulnerabilities in yargs-parser used by gulp, which doesn't have an attack vector: gulpjs/gulp#2438 (comment)
  • Loading branch information
Gaeel Bradshaw committed Apr 29, 2021
1 parent 277b90d commit 41fc255
Show file tree
Hide file tree
Showing 2 changed files with 9,347 additions and 3,244 deletions.

0 comments on commit 41fc255

Please sign in to comment.