We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Found via npm audit in electron apps repo.
npm audit
Low / Prototype pollution Package: lodash Patched in: >=4.17.5 Dependency of get-image-colors [dev] Path: get-image-colors > get-svg-colors > cheerio > lodash More info: https://nodesecurity.io/advisories/577
Looks like a release which bumped cheerio requirement to >= 1.0.0-rc.1 + bumping get-svg-colors' own lodash requirement would resolve this.
1.0.0-rc.1
The text was updated successfully, but these errors were encountered:
Thanks!
Sorry, something went wrong.
I just installed @dependabot on this repo. Let's see if we get a lodash PR soon...
This should be resolved by #6 and #9, but the semantic release failed.
I opened an issue here: semantic-release/semantic-release#962
New version 1.5.1 released! Updating get-image-colors now.
get-image-colors
Successfully merging a pull request may close this issue.
Found via
npm audit
in electron apps repo.Looks like a release which bumped cheerio requirement to >=
1.0.0-rc.1
+ bumping get-svg-colors' own lodash requirement would resolve this.The text was updated successfully, but these errors were encountered: