Git Product home page Git Product logo

Comments (5)

atalie avatar atalie commented on August 26, 2024 6

The latest version of this package specifies a newer version of hosted-git-info that doesn't have the vulnerability.

Should this issue report instead be opened on eslint-plugin-import? This project specifies old versions of read-pkg and read-pkg-up. https://github.com/benmosher/eslint-plugin-import/blob/master/package.json

I checked the other packages in the dependency chain and it looked all of them had published newer versions where this would be resolved up until eslint-plugin-import.

$ npm ls hosted-git-info
-- [email protected]
-- [email protected]
-- [email protected]
-- [email protected]
-- [email protected]
-- [email protected]

from normalize-package-data.

shellscape avatar shellscape commented on August 26, 2024 2

👍 this is blocking several of our deployments right now, and we have to temporarily disable audit checking to work around it. some automated dependency alerts (or working in audit to a PR/release workflow) would probably come in handy given the number of downloads this project has.

from normalize-package-data.

nmccready avatar nmccready commented on August 26, 2024

Related: conventional-changelog/get-pkg-repo#56

from normalize-package-data.

tombrown-ibm avatar tombrown-ibm commented on August 26, 2024

Also getting this through [email protected]

Would it be best to create a 2.5.1 with this fix?

[email protected]
    [email protected]
        [email protected]
            [email protected]
                [email protected]
                    [email protected]

from normalize-package-data.

tombrown-ibm avatar tombrown-ibm commented on August 26, 2024

This has now been resolved.

This was patched in hosted-git-info - v2.8.9. Originally, this release was incorrectly recorded in the NPM vulnerability database as affected, but this has been corrected.

See npm/hosted-git-info#85 and https://www.npmjs.com/advisories/1677/versions

from normalize-package-data.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.