Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

update the lockfile to automatically remove the high severity vulnerability introduced in @haul-bundler/core #765

Open

Description

Hi, @zamotany, I have reported a vulnerability issue in package terminal-kit.

As far as I am aware, vulnerability(high severity) SNYK-JS-TREEKIT-1077068 detected in package tree-kit(<0.7.0) is directly referenced by terminal-kit@1.49.3, on which your package @haul-bundler/core@0.23.0 directly depends. As such, this vulnerability can also affect @haul-bundler/core@0.23.0 via the following path:
@haul-bundler/core@0.23.0 ➔ terminal-kit@1.49.3 ➔ tree-kit@0.6.2(vulnerable version)

Since terminal-kit has released a new patched version terminal-kit@1.49.4 to resolve this issue (terminal-kit@1.49.4 ➔ tree-kit@0.7.0(fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
@haul-bundler/core@0.23.0 ➔ terminal-kit@1.49.4 ➔ tree-kit@0.7.0(vulnerability fix version).

dependency path

A warm tip.^_^
Best regards,

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

      Relationships

      None yet

      Development

      No branches or pull requests

      Issue actions

        AltStyle によって変換されたページ (->オリジナル) /