-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolve vulnerabilities in dependencies (npmlog>gauge>ansi-regex) #163
Labels
pull request welcome
A pull request is welcome
Comments
It's too soon to be dropping Node.js 14, which upgrading npmlog would require. The CVE seems low severity in this context. I'm happy to be proven wrong, in which case I'd suggest instead replacing npmlog with something simpler. |
Closed
Can we just manually set |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Recently npmlog released a new version (npm/npmlog#84) resolving among other things vulnerabilities in underlying dependencies (relating to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807). So I wanted to see if there was an effort to update npmlog in this package.
The text was updated successfully, but these errors were encountered: