-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolve four active dependency vulnerabilities #424
Labels
Comments
jessex
added
dependencies
Pull requests that update a dependency file
Type: Task
labels
May 11, 2021
This was referenced May 13, 2021
The postcss issue seems unlikely to be patched, but there is no actual production vulnerability since it's only used for build tooling. It should be safe to dismiss. PR for lodash forthcoming to close this issue. |
It does look like we're unlikely to see a very near-term patch from either postcss or CRA. Agreed with your assessment, though, @macfarlandian, that this can be dismissed! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What needs to be done? Why does it need to be done?
There are four fresh, active dependency vulnerabilities for this repo: postcss, lodash, hosted-git-info, and url-parse. Two of these are high severity vulnerabilities and have been active for 3 days, so should be resolved this week. Fortunately, dependabot generated fixes for two of these already which are awaiting code review and merge.
Additional context
Vulnerabilities listed here
The text was updated successfully, but these errors were encountered: