Upgrade cross-spawn to version 6.0.6 or greater #199

Open
trystendsmyth opened this issue Jan 31, 2025 · 5 comments · May be fixed by #200

Comments

@trystendsmyth

A current dependency is cross-spawn 5.x, which is subject to a regular expression DoS attack. This triggers a "high" vulnerability alert when doing an npm audit. Please update this dependency to a patched version that passes an audit.
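
An added example, not part of the original issue or the project's code: a Node.js check that lists every copy of cross-spawn recorded in a `package-lock.json`, including nested transitive copies, and flags those below the 6.0.6 minimum from the issue title. The function names and the sample lockfile are constructed for illustration; only the 6.0.6 floor comes from the issue, so other release lines need checking against the advisory separately.

```javascript
// Minimum taken from the issue title; other release lines may need their own floor.
const MIN_VERSION = '6.0.6';

// Compare two x.y.z versions numerically; prerelease/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the nested "dependencies" tree used by lockfileVersion 1.
function walkV1(deps, trail, out, name) {
  for (const [dep, info] of Object.entries(deps || {})) {
    const path = [...trail, dep];
    if (dep === name && info.version) out.push({ path: path.join(' > '), version: info.version });
    walkV1(info.dependencies, path, out, name);
  }
}

// Return every copy of `name` in the parsed lockfile with an `outdated` flag.
function findCopies(lock, name = 'cross-spawn', min = MIN_VERSION) {
  const out = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + name) && info.version) out.push({ path, version: info.version });
    }
  } else {
    walkV1(lock.dependencies, [], out, name);
  }
  return out.map((c) => ({ ...c, outdated: compareVersions(c.version, min) < 0 }));
}

// Constructed sample lockfile (v3 shape); package names other than cross-spawn are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/cross-spawn': { version: '6.0.6' },
    'node_modules/example-cli/node_modules/cross-spawn': { version: '5.1.0' },
  },
};

console.log(findCopies(sampleLock));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findCopies` in place of the sample object.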

@JounQin
Member

JounQin commented Jan 31, 2025

PR welcome.

@trystendsmyth
Author

@JounQin anything else needed to get the associated PR merged? Thanks!

@JounQin
Member

JounQin commented Feb 5, 2025

@trystendsmyth Sorry I didn't notice that PR previously, the CI is failing.

@trystendsmyth
Author

> @trystendsmyth Sorry I didn't notice that PR previously, the CI is failing.

@JounQin I fixed things! Thanks 😄

@trystendsmyth
Author

> > @trystendsmyth Sorry I didn't notice that PR previously, the CI is failing.
>
> @JounQin I fixed things! Thanks 😄

@JounQin additional dependencies updated. Cheers 👍
