security vulnerability with using old version of underscore.string #310
Comments
I ran into this using Snyk this week as well. I submitted a PR to update the package.json to use a non-vulnerable version of argparse.
We are affected by this issue as well - remarkable being a dependency of Grafana. Any chance of getting this merged & released in the foreseeable future?
Chiming in from downstream - this is a concern for us over at Swagger UI as well (cc swagger-api/swagger-ui#5152)
The
@opatut could you do a pull request to upgrade argparse to 1.0.0?
There you go ;) Bumped to 1.0.10 because -- why not? There are no reported breaking changes. I ran the tests, they are green.
Haha I just realized there are now 4 different PRs for that. One of them also fixed all the Travis testing hiccup, so you might want to merge that one (#323) and get this thing green again.
When should we expect an updated release for this?
When can we expect an update release for this?
✗ High severity vulnerability found on underscore.string@2.4.0