Skip to content

Fix security vulnerability by upgrading lib #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix security vulnerability by upgrading lib #8

wants to merge 1 commit into from

Conversation

@dchambers
Copy link

@RDIL
Copy link

RDIL commented Nov 15, 2019

@jonschlinkert this is urgent, please merge when you can

@finppp
Copy link

finppp commented Jan 21, 2020

Please fix this
Thanks

@jonschlinkert
Copy link
Owner

Thanks for the PR, but this isn't necessary. 3.0.1 is automatically used by semver. I will merge when we have other changes to make on this library.

@dchambers
Copy link
Author

Thanks for the PR, but this isn't necessary. 3.0.1 is automatically used by semver. I will merge when we have other changes to make on this library.

Agree that for new installs this will normally be the practical upshot, but I think security tooling will continue to see potential risks since there will always be edge cases (depending on your setup) where this may not happen in practice.

That said, I personally can live with ignoring the security warnings for a while longer 👍

@finppp
Copy link

finppp commented Jan 21, 2020

Looks like the chain that was following linked to this package/pr: jonschlinkert/cache-base#12

Thanks for getting back to me though!
Finlay

@jimmywarting jimmywarting mentioned this pull request Aug 7, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dchambers @RDIL @finppp @jonschlinkert