Patch versions for older majors? #16

Hi there, any chance of releasing patch versions with the security fix for the older major versions? Many very popular libraries depend on `^2.0.0` or even `0.X`. Thanks!

Just for reference, here's the advisory. I saw another comment that said it'd also been patched in 2.0.1; maybe the advisory should be changed to reflect that.

Unfortunately a ton of bundled modules under a ton of other modules reference v2... what is the fix?

@chaosZeroFive it sounds like 2.0.1 has the fix, but the advisory doesn't know it yet, so npm audit doesn't know it yet.

Yeah, it's definitely applied in the 2.0.1 branch. I shot an email to npm support about this; hopefully they change the criteria for the advisory.

I was just emailed back by npm, they added 2.0.1 to remediated!

I just verified that by running

Greatly appreciate the fix. Just a heads up that this still shows as vulnerable in the GitHub Advisory Database.
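While the advisory lagged behind the 2.0.1 release, `npm audit` could not tell a patched 2.0.1 copy from an unpatched 2.0.0 one, and the thread notes that many copies sit nested or bundled under other modules. The script below is an added example (not code from this project or any commenter) that walks a `package-lock.json`, lists every copy of a named package at any nesting depth, and flags the copies that are not on a remediated version. The package name `affected-pkg`, the two lock files, and the single remediated version `2.0.1` for the 2.x line are constructed assumptions taken from what the thread states; no fixed version is assumed for 0.x or for any other major.

```python
"""Find every copy of a package in a package-lock.json and flag those that
are not on a remediated version.

Added example, not the project's own code. "affected-pkg", the sample lock
files and the remediated version table are constructed for illustration.
"""
import json
from typing import Dict, Iterator, List, Tuple

# Constructed lockfileVersion 1 lock: nested "dependencies", one bundled copy.
SAMPLE_LOCK_V1 = json.dumps({
    "name": "app",
    "lockfileVersion": 1,
    "dependencies": {
        "affected-pkg": {"version": "2.0.1"},
        "lib-a": {
            "version": "1.4.0",
            "requires": {"affected-pkg": "^2.0.0"},
            "dependencies": {"affected-pkg": {"version": "2.0.0"}},
        },
        "lib-b": {
            "version": "3.1.0",
            "requires": {"affected-pkg": "0.7.x"},
            "dependencies": {"affected-pkg": {"version": "0.7.5", "bundled": True}},
        },
    },
})

# Constructed lockfileVersion 3 lock: flat "packages" keyed by install path.
SAMPLE_LOCK_V3 = json.dumps({
    "name": "app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},
        "node_modules/affected-pkg": {"version": "2.0.1"},
        "node_modules/lib-a": {"version": "1.4.0"},
        "node_modules/lib-a/node_modules/affected-pkg": {"version": "2.0.0"},
    },
})

# Assumed remediated floor per major line: the thread only establishes 2.0.1.
# Majors with no entry are reported as not known to be remediated.
FIXED_BY_MAJOR: Dict[int, Tuple[int, int, int]] = {2: (2, 0, 1)}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch); prerelease/build suffixes are dropped."""
    core = version.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def _walk_v1(deps: dict, path: List[str]) -> Iterator[Tuple[List[str], dict]]:
    """Depth-first walk of nested "dependencies" (lockfileVersion 1)."""
    for name, meta in deps.items():
        here = path + [name]
        yield here, meta
        yield from _walk_v1(meta.get("dependencies", {}), here)


def _walk_packages(packages: dict) -> Iterator[Tuple[List[str], dict]]:
    """Walk flat "packages" keys like node_modules/a/node_modules/b (v2/v3)."""
    for key, meta in packages.items():
        if not key:  # "" is the root project itself
            continue
        names = [s.strip("/") for s in key.split("node_modules/") if s.strip("/")]
        yield names, meta


def find_copies(lock_text: str, package: str) -> List[Tuple[str, str]]:
    """Every installed copy of `package` as (nesting path, version)."""
    lock = json.loads(lock_text)
    if "packages" in lock:
        entries = _walk_packages(lock["packages"])
    else:
        entries = _walk_v1(lock.get("dependencies", {}), [])
    return [("/".join(p), m["version"]) for p, m in entries if p[-1] == package]


def is_remediated(version: str) -> bool:
    """True only if the version is at or above a known fixed floor for its major."""
    v = parse_version(version)
    floor = FIXED_BY_MAJOR.get(v[0])
    return floor is not None and v >= floor


def audit(lock_text: str, package: str) -> List[Tuple[str, str]]:
    """Copies of `package` that are not on a remediated version."""
    return [(p, v) for p, v in find_copies(lock_text, package) if not is_remediated(v)]


if __name__ == "__main__":
    for label, lock in (("v1", SAMPLE_LOCK_V1), ("v3", SAMPLE_LOCK_V3)):
        for path, version in audit(lock, "affected-pkg"):
            print(f"{label}: {path}@{version} is not on a remediated version")
```

Run it against a real lock file by replacing the constructed `SAMPLE_LOCK_*` strings with the file contents and `affected-pkg` with the package from the advisory. A top-level copy on 2.0.1 says nothing about nested copies pinned by other dependencies, which is exactly the case the thread describes; each nested path reported here needs its own upgrade, dedupe, or an upstream release that moves its range.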