Latest version of cli is pulling in insecure packages that have available patches #6508
Closed
3 tasks done
Labels
type: bug
code to address defects in shipped code
Describe the bug
npm/cli#7356 - the use of a shrinkwrap means that even though there are available patches for these vulnerabilities, we're not able to install them.
Current vulnerabilities:
- follow-redirects v1.15.1 (chore(deps): bump follow-redirects from 1.15.1 to 1.15.6 #6446)
- tar v6.1.15 (chore(deps): bump tar from 6.1.15 to 6.2.1 #6504)
- word-wrap v1.2.3 (chore(deps): bump word-wrap from 1.2.3 to 1.2.5 #5895)

`npm audit` output as of 2024-04-23
Steps to reproduce
npm install netlify-cli
npm audit
Configuration
No response
Environment
Does not matter
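
Added example, not part of the original issue or the netlify-cli code base: a check that walks a shrinkwrap in the npm lockfile v2/v3 layout and reports every entry pinned below the patched versions named in the dependency bumps listed above. The sample shrinkwrap and the function names (`findStalePins`, `compareVersions`, `nameFromPath`) are constructed for illustration.

```javascript
// Patched versions, taken from the dependency bumps listed in the issue.
const PATCHED = {
  "follow-redirects": "1.15.6",
  "tar": "6.2.1",
  "word-wrap": "1.2.5",
};

// Constructed sample in npm lockfile v2/v3 shape: "packages" keyed by install path.
const SAMPLE_SHRINKWRAP = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-cli", version: "0.0.0" },
    "node_modules/follow-redirects": { version: "1.15.1" },
    "node_modules/tar": { version: "6.1.15" },
    "node_modules/word-wrap": { version: "1.2.5" },
    "node_modules/@scope/pkg/node_modules/tar": { version: "6.2.1" },
  },
};

// Compare plain x.y.z versions; prerelease/build tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// The package name is whatever follows the last "node_modules/" in the path key,
// so nested copies and scoped names are both handled.
function nameFromPath(path) {
  const idx = path.lastIndexOf("node_modules/");
  return idx === -1 ? null : path.slice(idx + "node_modules/".length);
}

// Return every pinned entry whose version is below the patched version.
function findStalePins(shrinkwrap, patched = PATCHED) {
  const stale = [];
  for (const [path, meta] of Object.entries(shrinkwrap.packages || {})) {
    const name = nameFromPath(path);
    if (!name || !Object.prototype.hasOwnProperty.call(patched, name) || !meta.version) continue;
    if (compareVersions(meta.version, patched[name]) < 0) {
      stale.push({ path, name, pinned: meta.version, patched: patched[name] });
    }
  }
  return stale;
}
console.log(findStalePins(SAMPLE_SHRINKWRAP));
```

To run it against a real install, pass the parsed contents of the package's `npm-shrinkwrap.json` to `findStalePins` in place of the sample.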