Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade node-notifier package to > version 8.0.1 in package-lock.json #192

Closed
palisadoes opened this issue Mar 30, 2021 · 1 comment
Closed

Upgrade node-notifier package to > version 8.0.1 in package-lock.json #192

palisadoes opened this issue Mar 30, 2021 · 1 comment
Labels
bug Something isn't working unapproved Unapproved for Pull Request

Comments

@palisadoes
Copy link
Contributor

We need to remedy the following known vulnerability: GHSA-5fw9-fq32-wv5p

GitHub cannot automatically do the required update to > 8.0.1 because:

The latest possible version that can be installed is 7.0.2 because of the following conflicting dependency:

jest@26.0.1 requires node-notifier@^7.0.0 via a transitive dependency on @jest/reporters@26.0.1
The earliest fixed version is 8.0.1.

This update needs to be implemented and tested.
@palisadoes palisadoes added the bug Something isn't working label Mar 30, 2021
@github-actions github-actions bot added the unapproved Unapproved for Pull Request label Mar 30, 2021
@palisadoes palisadoes added unapproved Unapproved for Pull Request dependencies and removed unapproved Unapproved for Pull Request labels Mar 30, 2021
@somya339
Copy link

somya339 commented Apr 1, 2021

I want to work on this issue.

somya339 added a commit to somya339/talawa-api that referenced this issue Apr 1, 2021
@somya339
Create package-lock.json
353169d 
node-notifier and netmask versions are updated from 7.0.2 to 8.0.1 and 1.0.2 to 2.0.1 respectively.
Referencing issue PalisadoesFoundation#192 and PalisadoesFoundation#191
@somya339 somya339 mentioned this issue Apr 1, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working unapproved Unapproved for Pull Request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@palisadoes @somya339