You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One of the dependencies of 1.6.* has a security vulnerability that GitHub constantly warns about. It's not in 2.* - it's disparity.
Unfortunately, the fix to diff was incorrectly applied to disparity as a new major, instead of as a minor, meaning its downstreams aren't updating, so the "fix" isn't in place.
Can a user of 1.6.* use 2.*?
Could ... could I talk you into patching and publishing a new 1.6? It's just a version bump, and nyc / ava are throwing security faults on this.
The text was updated successfully, but these errors were encountered:
It seems that the only difference was a88de2c.
If I had to guess, the major version was bumped because it increased minimum nodejs version from 0.8 to 6.0
One of the dependencies of 1.6.* has a security vulnerability that GitHub constantly warns about. It's not in 2.* - it's
disparity
.Unfortunately, the fix to
diff
was incorrectly applied todisparity
as a new major, instead of as a minor, meaning its downstreams aren't updating, so the "fix" isn't in place.Can a user of 1.6.* use 2.*?
Could ... could I talk you into patching and publishing a new 1.6? It's just a version bump, and
nyc
/ava
are throwing security faults on this.The text was updated successfully, but these errors were encountered: