Skip to content
This repository has been archived by the owner on Oct 3, 2023. It is now read-only.

dyson dependencies fail npm security audit #90

Closed
bsmithb2 opened this issue May 11, 2018 · 3 comments
Closed

dyson dependencies fail npm security audit #90

bsmithb2 opened this issue May 11, 2018 · 3 comments

Comments

@bsmithb2
Copy link

Hi,

dyson 2.0.0 has a fixed dependency on serve-favicon 2.4.3, which has a dependency on fresh 0.5.0.

Fresh versions prior to 0.52.0 have a audit vulnerability as discoverable with npm audit - https://nodesecurity.io/advisories/526

Is it possible to migrate to a version of serve-favicon greater or equal to 2.4.5? This will resolve the vulnerability.

Thanks!
@webpro
Copy link
Owner

webpro commented Jun 28, 2018

Updated dependencies in v2.0.1

@webpro webpro closed this as completed Jun 28, 2018
@lorilew
Copy link

lorilew commented Jul 18, 2019

Does the version need updating so it can be released to npm?

@webpro
Copy link
Owner

webpro commented Jul 18, 2019

No worries @lorilew, I use release-it for this :)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@webpro @bsmithb2 @lorilew