fix(package): update dependencies #73

Merged
merged 2 commits into from
Dec 19, 2019


Thomaash
Member

There is a vulnerability in npm:

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary.

It was necessary to update more than just npm so I took the liberty of updating everything.

@Thomaash Thomaash requested a review from a team December 19, 2019 21:31
@Thomaash Thomaash changed the title Fix npm vulnerability fix(package): update dependencies Dec 19, 2019
@Thomaash Thomaash merged commit 09adb78 into master Dec 19, 2019
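An added example, not part of this pull request or the project's code: a small Node.js audit for the condition the advisory above describes. It checks an npm version against 6.13.4 and lists command names that more than one package manifest declares in its `bin` field. The function names and sample manifests are constructed for illustration, and versions are assumed to be plain `x.y.z` strings.

```javascript
'use strict';

// Command names a package.json installs. "bin" is either a map of
// command -> script, or a single string, in which case the command is
// the package name with any "@scope/" prefix dropped.
function binNames(manifest) {
  const { name, bin } = manifest;
  if (!bin) return [];
  if (typeof bin === 'string') return [name.split('/').pop()];
  return Object.keys(bin);
}

// True when a dotted numeric version is >= the minimum (assumes x.y.z).
function isAtLeast(version, minimum) {
  const a = version.split('.').map((n) => parseInt(n, 10) || 0);
  const b = minimum.split('.').map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) > (b[i] || 0);
  }
  return true;
}

// Map each command name declared by more than one package to its owners.
function findBinCollisions(manifests) {
  const owners = new Map();
  for (const m of manifests) {
    for (const cmd of binNames(m)) {
      if (!owners.has(cmd)) owners.set(cmd, []);
      owners.get(cmd).push(m.name);
    }
  }
  const collisions = {};
  for (const [cmd, pkgs] of owners) {
    if (pkgs.length > 1) collisions[cmd] = pkgs;
  }
  return collisions;
}

// Combine both checks: on an npm older than 6.13.4, every collision is a
// binary that a later global install could silently replace.
function audit(npmVersion, manifests) {
  return {
    npmPatched: isAtLeast(npmVersion, '6.13.4'),
    collisions: findBinCollisions(manifests),
  };
}

// Constructed sample manifests (hypothetical packages).
const SAMPLE = [
  { name: 'serve', bin: { serve: './bin/serve.js' } },
  { name: '@example/static-host', bin: { serve: './cli.js', 'static-host': './cli.js' } },
  { name: 'lint-tool', bin: './index.js' },
];
```

On a real machine the manifests would be read from the `package.json` files under the global `node_modules` directory, and the version from `npm --version`.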
@vis-bot
Collaborator

vis-bot commented Dec 19, 2019

🎉 This PR is included in version 2.0.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

@yotamberk yotamberk deleted the fix-npm-vulnerability branch December 21, 2019 19:50
3 participants