Security Issue, Vulnerability found on dependency #402
Comments
I'm not sure how to solve it, what are you suggesting? |
Looks like it's blocked until there's a new release of https://github.com/jakejs/jake (the async version bump has been merged there but I don't see a new release cut with it jakejs/jake#408) or this happens: mde/ejs#659 |
Jake is a build tool, therefore, there is no real issue.
On Sat, Apr 16, 2022, 15:56 bryopsida ***@***.***> wrote:
> Looks like it's blocked until there's a new release of
> https://github.com/jakejs/jake or this happens: mde/ejs#659
|
Unfortunately it's set as a non-dev dependency here: https://github.com/mde/ejs/blob/e4180b4fa2dd0e06d811f2c155f9d993ee9d8edd/package.json#L25 so it shows up when running npm audit, which can pop up in people's pipelines. From what I gather EJS uses it for CLI parsing: mde/ejs#645 |
Will be closed by mde/ejs#668 |
Closed in |
@bull-board/[email protected] requires [email protected] via a transitive dependency on [email protected]
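
The chain reported in this issue (@bull-board/api, then ejs, then jake, then async) can be traced in a lockfile to check whether a flagged package is reachable through runtime dependencies or only through devDependencies. This is an added example, not code from bull-board, ejs or jake; the lockfile object is constructed, every version is a placeholder, and `resolve` and `findPaths` are hypothetical helper names.

```javascript
// Constructed sample in the package-lock v2/v3 "packages" layout.
// Versions are placeholders; the issue page does not show the real ones.
const lock = { packages: {
  "": { name: "app", dependencies: { "@bull-board/api": "*" },
        devDependencies: { mocha: "*" } },
  "node_modules/@bull-board/api": { version: "0.0.0", dependencies: { ejs: "*" } },
  "node_modules/ejs": { version: "0.0.0", dependencies: { jake: "*" } },
  "node_modules/jake": { version: "0.0.0", dependencies: { async: "*" } },
  "node_modules/async": { version: "0.0.0" },
  "node_modules/mocha": { version: "0.0.0", dev: true, dependencies: { ms: "*" } },
  "node_modules/ms": { version: "0.0.0", dev: true },
} };

// Resolve `name` as required from the package installed at `fromPath`,
// checking the nearest node_modules first and then walking up to the root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Return every chain root -> ... -> target. Only runtime edges are followed
// unless includeDev is true (the root's devDependencies are then included).
function findPaths(lockfile, target, includeDev = false) {
  const pkgs = lockfile.packages;
  const results = [];
  const walk = (path, chain, seen) => {
    const pkg = pkgs[path];
    const edges = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(includeDev && path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(edges)) {
      const next = resolve(pkgs, path, name);
      if (!next || seen.has(next)) continue; // unresolved or cyclic edge
      if (name === target) { results.push([...chain, name]); continue; }
      walk(next, [...chain, name], new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return results;
}

console.log(findPaths(lock, "async").map((c) => c.join(" > ")));
```

Because ejs lists jake under `dependencies`, the path to async exists with dev edges excluded, which is why the finding still appears in a production-only audit.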