Our project flagged a Security Vulnerability in the underscore dependency jashkenas/underscore#2915 which is hoisted via spritesheet-templates.
The current package.json uses "underscore": "~1.4.2". The fix for the underscore vulnerability is in versions 1.12.1, 1.13.0-2.
The semantic versioning allows us to upgrade patch versions, but for this particular fix, we will need a minor version upgrade to get to 1.13.1.
Is it possible to change this dependency to "underscore": "^1.4.2" to allow minor version upgrades as well?
I prefer to stick to ~ because some libraries have introduced breaking changes in minor upgrades =/
That being said, I'll gladly accept a PR to bump vulnerable dependencies at any time =)
Added Pull Request #61
This has been patched and released via #61 in 10.5.1