Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Remove vulnerable update-notifier dependency #569

Open
mhassan1 opened this issue Jul 11, 2022 · 0 comments
Open

Remove vulnerable update-notifier dependency #569

mhassan1 opened this issue Jul 11, 2022 · 0 comments

Comments

@mhassan1
Copy link

update-notifier@5 has a transitive dependency on got@9, which has an open vulnerability that will not be backported. See https://snyk.io/test/npm/sassdoc/2.7.4#SNYK-JS-GOT-2932019.

One potential solution: replace update-notifier with simple-update-notifier (nodemon has done that: remy/nodemon#2033).
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mhassan1