You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
per https://npmjs.com/advisories/1213 dot-prop versions prior to 5.1.1 have a prototype pollution vulnerability. It has been patched >=5.1.1. config-store has been updated to the newer dot-prop version.
The text was updated successfully, but these errors were encountered:
zenlex
changed the title
dot-prop dependency needs updating
config-store dependency needs updating
Jul 31, 2020
So I could be wrong - I’m fairly new to the whole package management /npm ecosystem....this was brought up by a security vulnerability thrown by the gatsby-cli related to dot-prop, update-notifier, configurable-store. When I tried to trace the problem there was an issue filed on one of the other packages that said the dependency issue landed here so I made the issue. When I took another look at the package.json file here though it looked like the version had already been updated to the recommended spec. That led me to think I had made an error in filing the issue so I closed it. If I’m correct it’s actually gatsby that now was behind on the update to the chain but again I’m new to this.
per https://npmjs.com/advisories/1213 dot-prop versions prior to 5.1.1 have a prototype pollution vulnerability. It has been patched >=5.1.1. config-store has been updated to the newer dot-prop version.
The text was updated successfully, but these errors were encountered: