Please read regarding NPM "vulnerability" report #6

Open
jonschlinkert opened this issue Jul 12, 2019 · 1 comment

@jonschlinkert
Owner

tldr; This was fixed. NPM is outdated. Use Snyk to check instead.

Please don't create issues about vulnerabilities, or pull-requests, related to mixin-deep. The library was patched, and we don't need to do any additional work here. You will automatically get the patched version by deleting node_modules and reinstalling.

However, NPM is erroneously reporting the vulnerability still. You can see that NPM is incorrect by running Snyk.

Please read this for more information on fixing the issue.

@mkj28

mkj28 commented Jul 19, 2019

For the people using yarn:

  1. Find mixin-deep in yarn.lock and delete it
  2. Run yarn install; that bumps mixin-deep (for example, if base has a mixin-deep "^1.2.0" dependency, it gets bumped to the non-vulnerable 1.3.2)
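
A read-only check to run on the lockfile before and after the yarn steps above, added here as an example and not part of the thread or of the mixin-deep project: it parses yarn.lock (v1 text format) and reports the version pinned for mixin-deep, treating 1.x pins below the 1.3.2 mentioned above as stale. The function names and the sample lockfile are constructed for illustration; pins outside the 1.x line are reported as not checked.

```javascript
// FIXED is the non-vulnerable 1.x version named in the comment above (assumed cutoff).
const FIXED = "1.3.2";
// Compare plain x.y.z versions: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Collect lockfile entries for `name`: the ranges that requested it and the pinned version.
function findLocked(lockText, name) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      // Entry header such as: mixin-deep@^1.2.0, "mixin-deep@^1.3.0":
      const specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      const ranges = specs.filter((s) => s.slice(0, s.lastIndexOf("@")) === name)
        .map((s) => s.slice(s.lastIndexOf("@") + 1));
      current = ranges.length ? { ranges, version: null } : null;
      if (current) entries.push(current);
    } else if (current) {
      // Indented field of the current entry; only the pinned version matters here.
      const m = line.match(/^\s+version\s+"([^"]+)"/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Label each mixin-deep pin; only the 1.x line discussed in the thread is judged.
function auditMixinDeep(lockText) {
  return findLocked(lockText, "mixin-deep").map((e) => {
    if (!e.version || !e.version.startsWith("1.")) return { ...e, status: "not-checked" };
    return { ...e, status: compareVersions(e.version, FIXED) < 0 ? "stale" : "ok" };
  });
}

// Constructed sample: a lockfile written before the fix was published.
const STALE_LOCK = `# yarn lockfile v1
base@^0.11.1:
  version "0.11.2"
  dependencies:
    mixin-deep "^1.2.0"

mixin-deep@^1.2.0:
  version "1.3.1"
`;
```

A `stale` entry means the range already allows the fixed release but the lockfile still pins an older one, which is the case the two steps above resolve.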
