New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Issue with Dependency vm2 #295
Comments
I haven't used yarn before but as far as I can see it looks like vm2 is being brought in ultimately via the version of proxy-agent dependency that is being used. I did a local test to upgrade proxy-agent to the latest version and vm2 has gone away and as far as I can see everything still works. However I could be missing something as I haven't had reason to install yarn before tonight :-) |
Thanks @deanro for looking at this. I'm just wondering what is needed to have your pull request merged into the main branch, and if there's anything we (the public) can do to help? |
@kevinappen This repository is in need of maintainers. One of the open issues (#300) is seeking maintainers. |
I tested it locally and everything looked good. I think someone just needs to approve and merge it. |
@ahester-incomm yeah, I realise that, and I didn't mean to hassle anyone unduly. I appreciate it's a voluntary thing, and everyone has other things that take precedence. I myself don't have any Node experience at all, so couldn't help directly, but I thought some people had recently put their hands up to take on the maintenance so that's why I asked if we, the general public, could help at all. |
I guess we can start by commenting on this issue more so it gets more attention. |
From snyk.
Also see GitHub issue.
The text was updated successfully, but these errors were encountered: