Hi there,
I was just checking Google's new project Insight (https://deps.dev/) and happened to check a tool I'm using (mastodon-bot). This package was flagged with a vulnerability and it took me down a rabbit hole of dependencies ending more or less here: https://deps.dev/npm/gulp-eslint/3.0.1
Gulp-eslint seems to be loading a few packages with a lodash dependency, some of those are old versions with a known vulnerability (<4.17.21). I've checked the package-lock.json and it seems @shinnn/eslint-config might be the culprit as version 5.0.0 is currently loaded (version 7.0.0 is available).
Bear in mind I might have misread all that but if not you might want to update this dependency.
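One way to confirm which package in a package-lock.json actually resolves to a lodash older than 4.17.21, as an added example that is not part of the original issue or the project's code. It assumes the lockfileVersion 1 layout (nested `dependencies` with `requires`); the package names and versions in the sample lockfile are constructed.

```javascript
// Added example: report every package whose lodash requirement resolves to a
// copy older than the fixed version, using Node's nearest-copy resolution.
const FIXED = '4.17.21'; // threshold quoted in the issue

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function lessThan(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// `scopes` holds the "dependencies" maps from the root down to the current
// package, so a requirement resolves to the nearest enclosing copy, the same
// order Node uses when it searches nested node_modules directories.
function findOldLodash(lock, name = 'lodash', fixed = FIXED) {
  const hits = [];
  const walk = (deps, scopes, path) => {
    for (const [pkg, entry] of Object.entries(deps || {})) {
      const here = [...scopes, entry.dependencies || {}];
      const range = (entry.requires || {})[name];
      if (range !== undefined) {
        const scope = [...here].reverse().find((s) => s[name]);
        const resolved = scope ? scope[name].version : null;
        if (resolved && lessThan(resolved, fixed)) {
          hits.push({ via: [...path, pkg].join(' > '), range, resolved });
        }
      }
      walk(entry.dependencies, here, [...path, pkg]);
    }
  };
  walk(lock.dependencies, [lock.dependencies || {}], []);
  return hits;
}

// Constructed sample lockfile; package names and versions are hypothetical.
const sampleLock = { lockfileVersion: 1, dependencies: {
  lodash: { version: '4.17.21' },
  'example-plugin': { version: '3.0.1', requires: { 'example-config': '^5.0.0', lodash: '^4.17.0' },
    dependencies: { 'example-config': { version: '5.0.0', requires: { lodash: '^4.0.0' },
      dependencies: { lodash: { version: '4.17.4' } } } } },
} };

console.log(findOldLodash(sampleLock));
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; the `via` field names the chain of packages to upgrade.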