[BUG] Upgrade transitive dependency "hosted-git-info@2.8.8" to fix CVE-2021-23362 #53

bhamail · 2021-03-30T15:15:46Z

What / Why

While scanning my project with auditjs, I discovered read-installed has a transitive dependency on hosted-git-info@2.8.8 which has vulnerability CVE-2021-23362.

$ npm ls hosted-git-info
  auditjs@4.0.25 /Users/bhamail/sonatype/community/auditjs/auditjs
  └─┬ read-installed@4.0.3
    └─┬ read-package-json@2.1.2
      └─┬ normalize-package-data@2.5.0
        └── hosted-git-info@2.8.8

The text was updated successfully, but these errors were encountered:

bhamail mentioned this issue Apr 7, 2021

Update read-package-json, setup GitHub action #54

Open

dae referenced this issue in ankitects/anki May 7, 2021

update license checker for security issue in dependency

83850a1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] Upgrade transitive dependency "hosted-git-info@2.8.8" to fix CVE-2021-23362 #53

[BUG] Upgrade transitive dependency "hosted-git-info@2.8.8" to fix CVE-2021-23362 #53

bhamail commented Mar 30, 2021 •

edited

Loading

[BUG] Upgrade transitive dependency "hosted-git-info@2.8.8" to fix CVE-2021-23362 #53

[BUG] Upgrade transitive dependency "hosted-git-info@2.8.8" to fix CVE-2021-23362 #53

Comments

bhamail commented Mar 30, 2021 • edited Loading

What / Why

bhamail commented Mar 30, 2021 •

edited

Loading