Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High vulnerability in dot-prop dependency #642

Closed
Jagget opened this issue Jul 30, 2020 · 1 comment
Closed

High vulnerability in dot-prop dependency #642

Jagget opened this issue Jul 30, 2020 · 1 comment
Labels
bug

Comments

@Jagget
Copy link

Jagget commented Jul 30, 2020

=== npm audit security report ===

  High            Prototype Pollution

  Package         dot-prop

  Patched in      >=5.1.1

  Dependency of   standard-version

  Path            standard-version >
                  conventional-changelog-conventionalcommits > compare-func >
                  dot-prop

  More info       https://npmjs.com/advisories/1213
@Jagget Jagget added the bug label Jul 30, 2020
@kolbma
Copy link

kolbma commented Aug 1, 2020

Jep. conventional-changelog-conventionalcommits needs update from 4.3.0 to 4.3.1

@McAllaster McAllaster mentioned this issue Aug 4, 2020
Closed
@McAllaster McAllaster mentioned this issue Aug 13, 2020
Merged
1 task
@Jagget Jagget closed this as completed Aug 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(deps): bump conventionalcommits to 4.3.1
2 participants
@Jagget @kolbma