Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Update vulnerable dependencies trim-newlines and glob-parent #679

Open
splatteredbits opened this issue Jul 29, 2021 · 1 comment
Open

Update vulnerable dependencies trim-newlines and glob-parent #679

splatteredbits opened this issue Jul 29, 2021 · 1 comment

Comments

@splatteredbits
Copy link

splatteredbits commented Jul 29, 2021
edited
Loading

Type of issue

npm audit fails when I'm using Yo 4.2.0. Advisories 1751 in glob-parent (moderate) and 1753 in trim-newlines (high).

My environment

  • Windows 10 x64
  • Node.js 14.17.4
  • NPM 6.14.14
  • Yo 4.2.0

Expected behavior

No security vulnerabilities.

Current behavior

There are 36 vulnerabilities.

Steps to reproduce the behavior

  1. npm install yo@latest
  2. npm audit

Command line output

yo vulns.txt
@Logicer16
Copy link
Contributor

trim-newlines is a dependency of meow and was reported in #672. It should be fixed with #675.

For glob-parent though, by looking at your npm audit output, it looks like one of generators may be using an outdated version of yeoman-generator, as the issue seems to be patched in the latest version. I'd recommend looking through your generators and seeing which ones use the vulnerable version of glob-parent and then getting those generators to move to the latest version of yeoman-generator.

@nijk nijk mentioned this issue Feb 9, 2022
Open
@Logicer16 Logicer16 mentioned this issue May 27, 2023
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@splatteredbits @Logicer16