Skip to content
This repository has been archived by the owner on Dec 5, 2022. It is now read-only.

Commit

Permalink
update rgb2hex (#379)
Browse files Browse the repository at this point in the history 
rgb2hex is subject to a RegExp-based Denial of Service vulnerability in
versions prior to 0.1.6. Update package-lock.json so `npm ci` and
friends install a safe version. No idea if electron is vulnerable to
anything remotely resembling a realistic attack based on this deep
dependency, but why bother looking into it when you can just update and
move on with life?

Refs: https://snyk.io/vuln/npm:rgb2hex:20180429
  • Loading branch information
@Trott @ckerr
Trott authored and ckerr committed Jul 12, 2018
1 parent 94634f5 commit 1378ca6
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 1378ca6

Please sign in to comment.