Skip to content

Commit 176c4a6

Browse files
alexbrazieralexbrazier
authoredJul 5, 2022
fix: Replace update notifier with simplified deps (#2033)
Closes #1961 Closes #2028 - Fixes security issue with got (CVE-2022-33987) - Replace update-notifier with simple-update-notifier which does the same thing but has one dependency (semver) rather than several - Same caching settings as update-notifier Congratulations and thanks to @alexbrazier 👏 🥇 ❤️
·
v3.1.9v2.0.19
1 parent 8db5f7c commit 176c4a6

File tree

3 files changed

+61
-480
lines changed

3 files changed

+61
-480
lines changed
 

‎bin/nodemon.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -12,5 +12,5 @@ const fs = require('fs');
1212
const pkg = JSON.parse(fs.readFileSync(__dirname + '/../package.json'));
1313

1414
if (pkg.version.indexOf('0.0.0') !== 0 && options.noUpdateNotifier !== true) {
15-
require('update-notifier')({ pkg }).notify();
15+
require('simple-update-notifier')({ pkg });
1616
}

‎package-lock.json

+58-477
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎package.json

+2-2
Original file line numberDiff line numberDiff line change
@@ -63,10 +63,10 @@
6363
"minimatch": "^3.0.4",
6464
"pstree.remy": "^1.1.8",
6565
"semver": "^5.7.1",
66+
"simple-update-notifier": "^1.0.7",
6667
"supports-color": "^5.5.0",
6768
"touch": "^3.1.0",
68-
"undefsafe": "^2.0.5",
69-
"update-notifier": "^5.1.0"
69+
"undefsafe": "^2.0.5"
7070
},
7171
"version": "0.0.0-development",
7272
"funding": {

0 commit comments

Comments
 (0)
Please sign in to comment.