You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am a maintainer of the firebase-tools package and we depend on exegesis. Our npm audit shows the following:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary JavaScript Execution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ json-ptr │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ exegesis │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ exegesis > json-ptr │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1706 │
└───────────────┴──────────────────────────────────────────────────────────────┘
According to json-ptr this was fixed in version 2.1.0 or higher. The good news is that this package has already done the harder upgrade to migrate to json-ptr1.3.1 (which had an improperly SemVer-ed major change): #146
So getting to 2.1.0+ shouldn't be too bad.
The text was updated successfully, but these errors were encountered:
I am a maintainer of the
firebase-tools
package and we depend onexegesis
. Ournpm audit
shows the following:According to
json-ptr
this was fixed in version2.1.0
or higher. The good news is that this package has already done the harder upgrade to migrate tojson-ptr
1.3.1
(which had an improperly SemVer-ed major change):#146
So getting to
2.1.0+
shouldn't be too bad.The text was updated successfully, but these errors were encountered: