Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update transitive dependency mkdirp to 0.5.3 #514

Open
pastelmind opened this issue Mar 18, 2020 · 1 comment
Open

Update transitive dependency mkdirp to 0.5.3 #514

pastelmind opened this issue Mar 18, 2020 · 1 comment

Comments

@pastelmind
Copy link

pastelmind commented Mar 18, 2020
edited
Loading

snap-shot-it depends on snap-shot-core, which depends on mkdirp. Version 0.5.2 of mkdirp used to depend on minimist 0.0.8, which was recently marked as vulnerable by CVE-2020-7598. mkdirp 0.5.3 has recently been released to address the issue while maintaining backwards compatibility (mkdirp 1.x line has incompatible API).

Could you please update mkdirp to 0.5.3?

I also considered creating this issue in snap-shot-core's repo, but since I use snap-shot-it, I thought it would be better to post this here.
@pastelmind pastelmind changed the title Update transitive dependency mkdirp 0.5.2 Update transitive dependency mkdirp to 0.5.3 Mar 18, 2020
@Jolg42
Copy link

Jolg42 commented Apr 22, 2020

Indeed, @bahmutov could you merge this? bahmutov/snap-shot-core#328 😃

@Jolg42 Jolg42 mentioned this issue Apr 22, 2020
Closed
@xirzec xirzec mentioned this issue Feb 1, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Jolg42 @pastelmind