Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot alert: y18n vulnerability found in …/ngsa-typescript/package-lock.json #647

Closed
atxryan opened this issue Mar 31, 2021 · 2 comments · Fixed by #648
Closed

Dependabot alert: y18n vulnerability found in …/ngsa-typescript/package-lock.json #647

atxryan opened this issue Mar 31, 2021 · 2 comments · Fixed by #648
Assignees
@atxryan
Labels
Bug Something isn't working

Comments

@atxryan
Copy link
Member

atxryan commented Mar 31, 2021
edited

High Severity dependency vulnerability: https://github.com/retaildevcrews/ngsa/security/dependabot/spikes/ngsa-typescript/package-lock.json/y18n/open
@atxryan atxryan added the Bug Something isn't working label Mar 31, 2021
@atxryan atxryan self-assigned this Mar 31, 2021
@atxryan
Copy link
Member Author

atxryan commented Mar 31, 2021

This spike includes gulp and gulp-cli which includes a dependency to yargs v7. However, gulp is not used anywhere in the project.

atxryan added a commit that referenced this issue Mar 31, 2021
@atxryan
Removed gulp dependency #647
a4ffc23
@atxryan atxryan mentioned this issue Mar 31, 2021
Merged
7 tasks
@atxryan
Copy link
Member Author

atxryan commented Mar 31, 2021

Not currently backported in the older major version in gulp-cli yargs/y18n#108 (comment)

atxryan added a commit that referenced this issue Mar 31, 2021
@atxryan
Removed gulp dependency #647 (#648)
e58909d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atxryan atxryan

Labels
Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Removed gulp dependency #647 retaildevcrews/ngsa
1 participant
@atxryan