This repository has been archived by the owner on Sep 22, 2024. It is now read-only.

Dependabot alert: y18n vulnerability found in …/ngsa-typescript/package-lock.json #647

Closed
atxryan opened this issue Mar 31, 2021 · 2 comments · Fixed by #648


atxryan commented Mar 31, 2021

High Severity dependency vulnerability: https://github.com/retaildevcrews/ngsa/security/dependabot/spikes/ngsa-typescript/package-lock.json/y18n/open

atxryan added the Bug ("Something isn't working") label Mar 31, 2021
atxryan self-assigned this Mar 31, 2021

atxryan commented Mar 31, 2021

This spike includes gulp and gulp-cli which includes a dependency on yargs v7. However, gulp is not used anywhere in the project.

atxryan added a commit that referenced this issue Mar 31, 2021

atxryan commented Mar 31, 2021

Not currently backported in the older major version in gulp-cli: yargs/y18n#108 (comment)

atxryan added a commit that referenced this issue Mar 31, 2021
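
Added example, not part of the original thread or the project's code: a sketch of how to trace which direct dependencies pull y18n into a lockfile, following the gulp → gulp-cli → yargs chain described in the comments above. It assumes the npm lockfileVersion 1 layout; the lockfile contents, placeholder versions, the `some-runtime-dep` package and the function names are constructed for illustration.

```javascript
// Added example. The lockfile is constructed sample data in the npm
// lockfileVersion 1 layout; versions are placeholders, not real releases.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "some-runtime-dep": { version: "0.0.0-sample", requires: {} },
    gulp: { version: "0.0.0-sample", requires: { "gulp-cli": "*" } },
    "gulp-cli": {
      version: "0.0.0-sample",
      requires: { yargs: "^7" },
      dependencies: {
        // nested copy: installed under gulp-cli/node_modules
        yargs: { version: "7.0.0-sample", requires: { y18n: "*" } },
      },
    },
    y18n: { version: "0.0.0-sample", requires: {} },
  },
};

// Resolve a name the way Node does: innermost node_modules first.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const deps = scopes[i].dependencies || {};
    if (deps[name]) return { node: deps[name], scopes: scopes.slice(0, i + 1) };
  }
  return null;
}

// Every chain from a direct dependency down to `target`.
function findChains(lock, directDeps, target) {
  const chains = [];
  const walk = (name, scopes, path) => {
    if (path.includes(name)) return; // cycle guard
    const hit = resolve(name, scopes);
    if (!hit) return; // optional or missing entry
    const next = [...path, name];
    if (name === target) return void chains.push(next);
    const inner = [...hit.scopes, hit.node];
    for (const dep of Object.keys(hit.node.requires || {})) walk(dep, inner, next);
  };
  for (const d of directDeps) walk(d, [lock], []);
  return chains;
}

// Direct dependencies (from package.json) that drag `target` in.
const culprits = (lock, directDeps, target) =>
  [...new Set(findChains(lock, directDeps, target).map((c) => c[0]))];

console.log(findChains(sampleLock, ["some-runtime-dep", "gulp", "gulp-cli"], "y18n"));
```

When every chain to the flagged package starts at a direct dependency the project never uses, dropping that dependency removes the vulnerable package without waiting for a backport.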