This repository has been archived by the owner on Oct 3, 2023. It is now read-only.

Explicit versions prevent fixing npm vulnerabilities #110

Closed
m3fawner opened this issue Mar 8, 2021 · 2 comments

Comments


m3fawner commented Mar 8, 2021

Lodash 4.17.20 has a reported vulnerability addressed in version 4.17.21; however, as a result of explicitly requiring 4.17.20 in Dyson, we can't effectively address the vulnerability.

Would you be against having all of the packages have the appropriate semantic modifiers?

Owner

webpro commented Mar 9, 2021

Good idea, I've just published v4 (major bump because of Node.js v10).

@webpro webpro closed this as completed Mar 9, 2021
Author

m3fawner commented Mar 9, 2021

Thank you!
