You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
GitHub Alerts is notifying me of a vuln on lodash < 4.17.13, which is a transitive dependency of the pinned snoowrap version.
To Reproduce
Steps to reproduce the behavior:
Run npm-why lodash (or yarn why lodash) in this project, or a project depending on snoostorm
See a transitive dependency on lodash @ 4.17.11
Expected behavior
The transitive dependency should resolve to 4.17.15, per changes from 4 days ago, released with (snoowrap 1.19.0)[https://www.npmjs.com/package/snoowrap]
System Configuration:
Using TypeScript? N
Node Version? 11.9
Snoostorm Version? ^1.1.2
Additional context
N/A
The text was updated successfully, but these errors were encountered:
Describe the bug
GitHub Alerts is notifying me of a vuln on lodash < 4.17.13, which is a transitive dependency of the pinned snoowrap version.
To Reproduce
Steps to reproduce the behavior:
npm-why lodash
(oryarn why lodash
) in this project, or a project depending on snoostormExpected behavior
The transitive dependency should resolve to 4.17.15, per changes from 4 days ago, released with (snoowrap 1.19.0)[https://www.npmjs.com/package/snoowrap]
System Configuration:
Using TypeScript? N
Node Version? 11.9
Snoostorm Version? ^1.1.2
Additional context
N/A
The text was updated successfully, but these errors were encountered: