Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bumpt nconf CVE-2020-7774 #1105

Closed
wants to merge 4 commits into from
Closed

Conversation

thenengah
Copy link
Contributor

@thenengah thenengah commented May 24, 2021

#1106

npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in GHSA-c4w7-xm78-47vh

Impacts:

All versions of the 14.x, 12.x and 10.x releases lines

@thenengah
Copy link
Contributor Author

@indexzero Can we merge this into master?

@kibertoad
Copy link
Contributor

@thenengah As you can see, this breaks compatibility with older Node versions that are currently supported. Is there a less disruptive way to address the issue?

@thenengah thenengah closed this May 31, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants