Vulnerabilities from old version of dependencies #112
Description
Feature request
There is vulnerability issue from dot-prop:4.2.0, detail of issue and dependency path is as following
So I appreciate if you update to use latest version of update-notifier
───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ dot-prop │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=5.1.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ docsify-cli │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ docsify-cli > update-notifier > configstore > dot-prop │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/1213 │ └───────────────┴──────────────────────────────────────────────────────────────┘ What problem does this feature solve?
Resolve the vulnerability issue from dot-prop:4.2.0
What does the proposed API look like?
How should this be implemented in your opinion?
Are you willing to work on this yourself?
Metadata
Metadata
Assignees
Labels
No labels