A high severity vulnerability introduced in @jupyterlab/buildutils #10818
Labels
bug
status:resolved-locked
Hi, a vulnerability CVE-2021-27290 is introduced in npm-cli-login via:
● @jupyterlab/buildutils@3.1.6 ➔ npm-cli-login@0.1.1 ➔ npm-registry-client@8.6.0 ➔ ssri@5.3.0
However, npm-cli-login is a legacy package, which has not been maintained for about 3 years.
Is it possible to migrate npm-cli-login to another package or remove it to remediate this vulnerability?
I noticed several migration records in other JS repos for npm-cli-login:
● in @cloudant/cloudant, version 4.1.0 ➔ 4.1.1, remove recompose via commit
Thanks.
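Added example, not part of the original issue or of JupyterLab's code: a small Node.js walker that recovers the chain reported above from a dependency tree in the shape of `npm ls --all --json` output and names the direct dependency that has to change. The tree is constructed from the chain in the issue; the `example-app` root and the `example-unrelated-lib` entry with its `ssri` version are hypothetical.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output.
// Only the buildutils chain comes from the issue; the rest is hypothetical.
const sampleTree = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    "@jupyterlab/buildutils": {
      version: "3.1.6",
      dependencies: {
        "npm-cli-login": {
          version: "0.1.1",
          dependencies: {
            "npm-registry-client": {
              version: "8.6.0",
              dependencies: { ssri: { version: "5.3.0" } },
            },
          },
        },
      },
    },
    // A second copy of ssri at a different version must not be reported.
    "example-unrelated-lib": {
      version: "1.0.0",
      dependencies: { ssri: { version: "8.0.1" } },
    },
  },
};

// Return every chain from a direct dependency down to name@version.
function findChains(tree, name, version) {
  const chains = [];
  const walk = (node, path) => {
    for (const [depName, dep] of Object.entries(node.dependencies || {})) {
      const next = [...path, `${depName}@${dep.version}`];
      if (depName === name && dep.version === version) chains.push(next);
      walk(dep, next);
    }
  };
  walk(tree, []);
  return chains;
}

// The first element of each chain is the direct dependency to upgrade,
// replace or override in order to drop the flagged package.
function directCulprits(chains) {
  return [...new Set(chains.map((chain) => chain[0]))];
}

const chains = findChains(sampleTree, "ssri", "5.3.0");
for (const chain of chains) console.log(chain.join(" ➔ "));
console.log("direct dependencies to act on:", directCulprits(chains));
```

On a real project, replace `sampleTree` with the parsed output of `npm ls --all --json`.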