Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade cross-spawn to resolve CVE-2024-21538 #34

Open
jeffsays opened this issue Jan 23, 2025 · 1 comment · Fixed by #35 · May be fixed by #36
Open

Upgrade cross-spawn to resolve CVE-2024-21538 #34

jeffsays opened this issue Jan 23, 2025 · 1 comment · Fixed by #35 · May be fixed by #36
Labels
dependencies Pull requests that update a dependency file

Comments

@jeffsays
Copy link
Contributor

Remediate CVE-2024-21538 - vulnerability in cross-spawn

Affected Version(s) Patched Version(s)
>= 7.0.0, < 7.0.5 7.0.5
< 6.0.6 6.0.6
@jeffsays jeffsays added the dependencies Pull requests that update a dependency file label Jan 23, 2025
@rishi0508 rishi0508 mentioned this issue Feb 3, 2025
Merged
@jeffsays
Copy link
Contributor Author

jeffsays commented Feb 4, 2025

still have a leftover v7.0.3 from #35 - reopening

@jeffsays jeffsays reopened this Feb 4, 2025
@rishi0508 rishi0508 linked a pull request Feb 4, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
1 participant
@jeffsays