This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

Dependabot security update #58

Closed
DawnmarieDesJardins opened this issue Aug 7, 2020 · 1 comment
Labels
dependencies Pull requests that update a dependency file

Comments

@DawnmarieDesJardins
Contributor

Received this security alert - labeling as a dependency issue for next update.

Dependabot cannot update this dependency

1 dot-prop vulnerability found in …/cli/package-lock.json 9 days ago
Remediation
Upgrade dot-prop to version 5.1.1 or later. For example:

"dependencies": {
  "dot-prop": ">=5.1.1"
}
or…
"devDependencies": {
  "dot-prop": ">=5.1.1"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
CVE-2020-8116
high severity
Vulnerable versions: < 5.1.1
Patched version: 5.1.1
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

DawnmarieDesJardins added the dependencies label Aug 7, 2020
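
When the flagged package is a transitive dependency, acting on the remediation above starts with knowing which resolved copies of dot-prop in the lockfile fall below 5.1.1 and which packages' ranges request it. The following is an added example, not part of the original issue or the repository's code; the function names and the sample lockfile (including the `example-*` package names) are constructed for illustration.

```javascript
// Added example, not project code. PATCHED is the version named in the alert.
const PATCHED = '5.1.1';
// Compare dotted numeric versions; prerelease/build suffixes are ignored.
function lessThan(a, b) {
  const parse = v => String(v).split(/[-+]/)[0].split('.').map(Number);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0;
  }
  return false;
}

// lockfileVersion 1: nested "dependencies" trees, ranges under "requires".
function walkV1(deps, name, trail, out) {
  for (const [dep, info] of Object.entries(deps || {})) {
    const here = trail.concat(dep);
    if (dep === name) out.copies.push({ path: here.join(' > '), version: info.version });
    const range = (info.requires || {})[name];
    if (range) out.requiredBy.push({ parent: here.join(' > '), range });
    walkV1(info.dependencies, name, here, out);
  }
}

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function walkPackages(packages, name, out) {
  for (const [path, info] of Object.entries(packages)) {
    if (path.endsWith('node_modules/' + name)) out.copies.push({ path, version: info.version });
    const range = (info.dependencies || {})[name];
    if (range) out.requiredBy.push({ parent: path || '(root)', range });
  }
}

// Returns copies resolved below `patched` and every range that requests `name`.
function auditLock(lock, name, patched) {
  const out = { copies: [], requiredBy: [] };
  if (lock.packages) walkPackages(lock.packages, name, out);
  else walkV1(lock.dependencies, name, [], out);
  return { vulnerable: out.copies.filter(c => lessThan(c.version, patched)), requiredBy: out.requiredBy };
}

// Constructed sample lockfile; the example-* package names are hypothetical.
const sampleLock = { lockfileVersion: 1, dependencies: {
  'example-parent': { version: '3.1.2', requires: { 'dot-prop': '^4.1.0' } },
  'dot-prop': { version: '4.2.0' },
  'example-other': { version: '1.0.0', requires: { 'dot-prop': '^5.2.0' },
    dependencies: { 'dot-prop': { version: '5.2.0' } } },
} };
console.log(JSON.stringify(auditLock(sampleLock, 'dot-prop', PATCHED), null, 2));
```

Against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` as the first argument.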
@DawnmarieDesJardins
Contributor Author

Closing issue. Lab has been removed until it can be updated; this no longer applies.
