Update vulnerable iterm2-version dependency #6
Comments
yannrouillard
added a commit
to yannrouillard/instawhatsapp
that referenced
this issue
Nov 28, 2018
`terminal-image` indirectly depends on `plist 2.0.1` which is vulnerable to a DOS attack. We force the use of a more recent version to fix the issue. There is no incompatibility risk as the breaking change for this library is the drop of node 4 support. We also opened directly a bug so that the dependency is updated in the library that uses this version: sindresorhus/term-img#6
yannrouillard
added a commit
to yannrouillard/instawhatsapp
that referenced
this issue
Nov 28, 2018
`terminal-image` indirectly depends on `plist 2.0.1` which is vulnerable to a DOS attack. We force the use of a more recent version to fix the issue. There is no incompatibility risk as the breaking change for this library is the drop of node 4 support. We also opened directly a bug so that the dependency is updated in the library that uses this version: sindresorhus/term-img#6
yannrouillard
added a commit
to yannrouillard/instawhatsapp
that referenced
this issue
Nov 28, 2018
`terminal-image` indirectly depends on `plist 2.0.1` which is vulnerable to a DOS attack. We force the use of a more recent version to fix the issue. There is no incompatibility risk as the breaking change for this library is the drop of node 4 support. We also opened directly a bug so that the dependency is updated in the library that uses this version: sindresorhus/term-img#6
yannrouillard
added a commit
to yannrouillard/instawhatsapp
that referenced
this issue
Nov 29, 2018
`terminal-image` indirectly depends on `plist 2.0.1` which is vulnerable to a DOS attack. We force the use of a more recent version to fix the issue. There is no incompatibility risk as the breaking change for this library is the drop of node 4 support. We also opened directly a bug so that the dependency is updated in the library that uses this version: sindresorhus/term-img#6
yannrouillard
added a commit
to yannrouillard/instawhatsapp
that referenced
this issue
Nov 29, 2018
`terminal-image` indirectly depends on `plist 2.0.1` which is vulnerable to a DOS attack. We force the use of a more recent version to fix the issue. There is no incompatibility risk as the breaking change for this library is the drop of node 4 support. We also opened directly a bug so that the dependency is updated in the library that uses this version: sindresorhus/term-img#6
yannrouillard
added a commit
to yannrouillard/instawhatsapp
that referenced
this issue
Nov 29, 2018
`terminal-image` indirectly depends on `plist 2.0.1` which is vulnerable to a DOS attack. We force the use of a more recent version to fix the issue. There is no incompatibility risk as the breaking change for this library is the drop of node 4 support. We also opened directly a bug so that the dependency is updated in the library that uses this version: sindresorhus/term-img#6
yannrouillard
added a commit
to yannrouillard/instawhatsapp
that referenced
this issue
Nov 29, 2018
`terminal-image` indirectly depends on `plist 2.0.1` which is vulnerable to a DOS attack. We force the use of a more recent version to fix the issue. There is no incompatibility risk as the breaking change for this library is the drop of node 4 support. We also opened directly a bug so that the dependency is updated in the library that uses this version: sindresorhus/term-img#6
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
iterm2-versionversion 2.0.1 package depends onplistversion 2.0.1 which is vulnerable to the following security issue TooTallNate/plist.js#89.Could you update
iterm2-versionto the last version to avoid this issue ?Thanks in advance !
Yann
The text was updated successfully, but these errors were encountered: