This repository has been archived by the owner on Jul 24, 2024. It is now read-only.
Git-Dependabot Alert - Child dependency version to be upgraded #3335
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
npm -v): 6.14.12node -v): 14.16.1node -p process.versions): {node: '14.16.1',
v8: '8.4.371.19-node.18',
uv: '1.40.0',
zlib: '1.2.11',
brotli: '1.0.9',
ares: '1.16.1',
modules: '83',
nghttp2: '1.41.0',
napi: '7',
llhttp: '2.1.3',
openssl: '1.1.1k',
cldr: '37.0',
icu: '67.1',
tz: '2020a',
unicode: '13.0'
}
node -p process.platform): darwinnode -p process.arch): x64node -p "require('node-sass').info"): node-sass 8.0.0 (Wrapper) [JavaScript]npm ls node-sass): [email protected]The latest version of node-sass uses make-fetch-happen of version ^10.0.4, which has a child dependency "http-cache-semantics": "^4.1.0" whereas http-cache-semantics(4.1.0) has security vulnerabilities and is treated as a dependabot alert in our application.
So can you upgrade the version of make-fetch-happen to 11.0.3 in node-sass which will address all the security vulnerabilities.
The text was updated successfully, but these errors were encountered: