This repository has been archived by the owner on Sep 6, 2023. It is now read-only.

Dependency Security Issues #202

Closed
4 tasks
DiscoverSquishy opened this issue Apr 18, 2020 · 4 comments
Labels
dependencies Pull requests that update a dependency file security security bug related to anything

Comments

@DiscoverSquishy
Contributor

DiscoverSquishy commented Apr 18, 2020

According to Dependabot there have been a few security alerts regarding dependencies in yarn.lock

The following are:

  • minimist
  • acorn
  • kind-of
  • lodash

Sorted by severity level.

@DiscoverSquishy DiscoverSquishy added dependencies Pull requests that update a dependency file security security bug related to anything labels Apr 18, 2020
@aneagoie
Member

Feel free to update the packages with a PR: https://classic.yarnpkg.com/en/docs/cli/audit/

@phat-marc
Contributor

I am busy looking into this right now.

@phat-marc
Contributor

Updates done. See PR #211

@DiscoverSquishy
Contributor Author

Thanks a bunch @phat-marc.
Your work is highly appreciated.
