update the lockfile to automatically remove the high severity vulnerability introduced in @haul-bundler/core #765
Comments
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
{{ message }}
Hi, @zamotany, I have reported a vulnerability issue in package terminal-kit.
As far as I am aware, vulnerability(high severity) SNYK-JS-TREEKIT-1077068 detected in package tree-kit(<0.7.0) is directly referenced by terminal-kit@1.49.3, on which your package @haul-bundler/core@0.23.0 directly depends. As such, this vulnerability can also affect @haul-bundler/core@0.23.0 via the following path:
@haul-bundler/core@0.23.0 ➔ terminal-kit@1.49.3 ➔ tree-kit@0.6.2(vulnerable version)Since terminal-kit has released a new patched version terminal-kit@1.49.4 to resolve this issue (terminal-kit@1.49.4 ➔ tree-kit@0.7.0(fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
@haul-bundler/core@0.23.0 ➔ terminal-kit@1.49.4 ➔ tree-kit@0.7.0(vulnerability fix version).A warm tip.^_^
Best regards,
The text was updated successfully, but these errors were encountered: