You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.
Received this security alert - labeling as a dependency issue for next update.
Dependabot cannot update this dependency
View details about this error or learn more about Dependabot security updates.
1 dot-prop vulnerability found in …/cli/package-lock.json 9 days ago
Remediation
Upgrade dot-prop to version 5.1.1 or later. For example:
"dependencies": {
"dot-prop": ">=5.1.1"
}
or…
"devDependencies": {
"dot-prop": ">=5.1.1"
}
Always verify the validity and compatibility of suggestions with your codebase.
Details CVE-2020-8116
high severity
Vulnerable versions: < 5.1.1
Patched version: 5.1.1
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
The text was updated successfully, but these errors were encountered:
Received this security alert - labeling as a dependency issue for next update.
Dependabot cannot update this dependency
View details about this error or learn more about Dependabot security updates.
1 dot-prop vulnerability found in …/cli/package-lock.json 9 days ago
Remediation
Upgrade dot-prop to version 5.1.1 or later. For example:
"dependencies": {
"dot-prop": ">=5.1.1"
}
or…
"devDependencies": {
"dot-prop": ">=5.1.1"
}
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2020-8116
high severity
Vulnerable versions: < 5.1.1
Patched version: 5.1.1
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
The text was updated successfully, but these errors were encountered: