-
-
Notifications
You must be signed in to change notification settings - Fork 682
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm module [email protected] marked as latest #865
Labels
Comments
yes. that's how it works. It's not marked as latest for a reason. check #856, #862, and superagent's one ladjs/superagent#1725 (comment) and ladjs/superagent#1724.
They are not that effected. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Support plan
Context
What are you trying to achieve or the steps to reproduce?
Our security scans find a vulnerability in [email protected] (CVE-2022-29622).
What was the result you got?
[email protected] is pulled in by [email protected] in our product.
Even though [email protected] is very new it still pulls [email protected]
Looking at that page here: https://www.npmjs.com/package/formidable
we can see that [email protected] marked as
latest
- this might explain why [email protected] pulls [email protected] instead of [email protected]What result did you expect?
We expect all the products to pull the latest and greatest formidable with all the CVE's fixed.
The text was updated successfully, but these errors were encountered: