When I `npm install` at the top level, I got an `8 high severity vulnerabilities` warning, and with `npm audit`, I got:
`node-gyp` used a `tar` version prior to 4.4.2, which is vulnerable to Arbitrary File Overwrite.
For reference: `node-gyp` updated its tar version to the latest in this commit: nodejs/node-gyp@1456ef2. Since we're pinning dependencies, we need to watch for a new `lerna` release. (FYI: lerna 3.13.2 doesn't help.)