Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security audit fails because of hosted-git-info vulnerability #2048

Closed
mlarente opened this issue May 7, 2021 · 1 comment
Closed

Security audit fails because of hosted-git-info vulnerability #2048

mlarente opened this issue May 7, 2021 · 1 comment

Comments

@mlarente
Copy link

mlarente commented May 7, 2021

The npm security audit fails because of a hosted-git-info vulnerability. This is a dependency through the read-pkg-up package. The latest version of read-pkg-up doesn't depend on the vulnerable package.
@ljharb
Copy link
Member

ljharb commented May 7, 2021

We can never upgrade read-pkg-up, because it drops support for node versions we must support.

See #2047 which seeks to remove the dep altogether.

Duplicate of #2046.

@ljharb ljharb closed this as completed May 7, 2021
@FND FND mentioned this issue May 7, 2021
Closed
@EmiM EmiM mentioned this issue May 12, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ljharb @mlarente