Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

INI version used (1.3.0) has a vulnerability #120

Open
aliasdhacker opened this issue Dec 10, 2020 · 4 comments
Open

INI version used (1.3.0) has a vulnerability #120

aliasdhacker opened this issue Dec 10, 2020 · 4 comments

Comments

@aliasdhacker
Copy link

INI dependency needs to be upgraded. CircleCI does not like this version of INI because it has a vulnerability.

https://www.npmjs.com/advisories/1589

INI needs to be 1.3.6 or later -
@JimmyBjorklund
Copy link

JimmyBjorklund commented Dec 14, 2020
edited
Loading

There is a pull request ready for this: #121

@martin-fogelman martin-fogelman mentioned this issue Jan 5, 2021
Closed
@goatandsheep goatandsheep mentioned this issue Feb 5, 2021
Open
@goatandsheep
Copy link

switch to run-con

@stieben
Copy link

stieben commented Apr 7, 2021

The ini version is defined as ~1.3.0 which is equivalent to 1.3.x, so there should actually be no need for an update of rc, right?

@goatandsheep
Copy link

yeah i guess people could just update to 1.3.6, which is unaffected

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aliasdhacker @goatandsheep @JimmyBjorklund @stieben