Firebase-tools: High vulnerability package need to be updated [dot-prop]
Package update request.
the dot-prop package has been found vulnerable and needed to be updated.
[REQUIRED] Environment info
8.6.0
firebase-tools:
macOS
Platform:
[REQUIRED] Test case
npm audit
[REQUIRED] Steps to reproduce
npm audit
[REQUIRED] Expected behavior
no vulnerability
[REQUIRED] Actual behavior
found 2 high severity vulnerabilities in 1370 scanned packages
YahangWu
All 4 comments
This issue does not seem to follow the issue template. Make sure you provide all the required information.
google-oss-bot
on 30 Jul 2020
@WuHarry thanks for filing this! I tried to get GitHub's dependabot to fix it automatically but it said:
Dependabot cannot create a pull request as one or more other dependencies require a version that is incompatible with this update.
I'll see why. Might have to file a bug against some of our dependencies.
samtstern
on 30 Jul 2020
Here's the tree:
$ npm ls dot-prop
[email protected] /Users/samstern/Projects/firebase-tools
โโโฌ [email protected]
โ โโโ [email protected]
โโโฌ [email protected]
โ โโโฌ @google-cloud/[email protected]
โ โโโฌ [email protected]
โ โโโฌ [email protected]
โ โโโ [email protected]
โโโฌ [email protected]
โโโฌ [email protected]
โโโ [email protected]
Let's see if we can update update-notifier
samtstern
on 30 Jul 2020
@WuHarry we've done all we can do here, @bkendall is working on an update to superstatic which will fix the transitive dep.
samtstern
on 30 Jul 2020
👍2
🚀1
Was this page helpful?
0 / 5 - 0 ratings
Related issues
jkeys089
ยท
3Comments
chwzr
ยท
4Comments
DragonOsman
ยท
3Comments
kyleabens
ยท
3Comments
adam-remotesocial
ยท
3Comments
Most helpful comment
@WuHarry we've done all we can do here, @bkendall is working on an update to
superstaticwhich will fix the transitive dep.