You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that tar-pack is using the version ^2.2.0 of debug and we should bump this version given some dependency packages of this version has well-known vulnerabilities.
I'm seeing this issue as well. Using the grpc package which depends on node-pre-gyp which depends on tar-pack. Hoping the debug bump could be pushed soon. Thanks!
I noticed that
tar-pack
is using the version^2.2.0
ofdebug
and we should bump this version given some dependency packages of this version has well-known vulnerabilities.File:
https://github.com/ForbesLindesay/tar-pack/blob/master/package.json#L14
How it should be?
Vulnerability:
[email protected] > [email protected]
https://snyk.io/vuln/npm:debug:20170905
This vulnerability is fixed in
debug
version3.1.0
Environment
node -v
: v8.7.0npm -v
: 5.5.1Steps to Reproduce
snyk
snyk test
Expected Behavior
No vulnerabilities report
Actual Behavior
I am seeing a vulnerability report related to
[email protected]
The text was updated successfully, but these errors were encountered: