Dependabot alerts #14

crivasestrada · 2021-10-06T15:53:21Z

Hi,
I would like to make a request about vulnerabilities detect in the security scan.
I have clone this repository and I haved passed a security scan. The Dependabot alerts show 3 vulnerabilities related to dependencies version included in the package-lock.json:

path-parse version 1.0.6 --> fixed vulnerability in version 1.0.7 or later
@actions/core version 1.2.1-->fixed vulnerability in version 1.2.6 or later
minimist version 0.0.8 --> fixed vulnerability in version 0.2.1 or later

Please, I would like to know if there is any plan to upgrade these dependencies version in orden to eliminate le vulnerabilities.

Thanks in advanced

garrytrinder · 2021-11-05T23:39:10Z

Thank you @crivasestrada we will definitely look to resolve these vulnerabilities.

garrytrinder · 2021-11-07T21:16:12Z

Thank you for raising this issue @crivasestrada 👍🏻

We have just released a new version, v2.0.1, that addresses these vulnerabilities.

garrytrinder self-assigned this Nov 5, 2021

garrytrinder mentioned this issue Nov 7, 2021

Updates dependencies #15

Merged

garrytrinder closed this as completed in #15 Nov 7, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot alerts #14

Dependabot alerts #14

crivasestrada commented Oct 6, 2021

garrytrinder commented Nov 5, 2021

garrytrinder commented Nov 7, 2021

Dependabot alerts #14

Dependabot alerts #14

Comments

crivasestrada commented Oct 6, 2021

garrytrinder commented Nov 5, 2021

garrytrinder commented Nov 7, 2021