Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

high severity vulnerability #107

Closed
mcandre opened this issue Jul 18, 2019 · 1 comment · Fixed by #118
Closed

high severity vulnerability #107

mcandre opened this issue Jul 18, 2019 · 1 comment · Fixed by #118

Comments

@mcandre
Copy link

mcandre commented Jul 18, 2019

Update to findup-sync v4.0.0 to resolve a high severity vulnerability.

gulpjs/findup-sync#48 (comment)

$ npm audit
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ set-value                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt-cli [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt-cli > liftoff > findup-sync > micromatch > braces >    │
│               │ snapdragon > base > cache-base > set-value                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1012                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
@nitinsurana
Copy link

#108

@gulpjs gulpjs deleted a comment from mcandre May 5, 2020
@gulpjs gulpjs locked and limited conversation to collaborators May 5, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
2 participants