[BUG] NPM vulnerabilities #86
Comments
|
See #85, the vulnerability database has just been updated. |
|
@bobvandevijver |
|
Than you have probably have a constraint somewhere as version 2, 3 and 4 have patches. You should create an issue at the package that still requires version 1. |
|
The latest version of this module has no current audit warnings $ npm audit --omit=dev
found 0 vulnerabilities |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I start to get vulnerabilities for this package.
I try to run the npm update hosted-git-info --depth 13 but is say ->
not updating hosted-git-info because it's currently at the maximum version that matches its specified semver range
Run npm update hosted-git-info --depth 13 to resolve 104 vulnerabilities
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hosted-git-info │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ stylelint > meow > read-pkg-up > read-pkg > │
│ │ normalize-package-data > hosted-git-info │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1677 │
└───────────────┴──────────────────────────────────────────────────────────────┘
The text was updated successfully, but these errors were encountered: