-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Task: Upgrade cross-spawn
version due to Node Cross-Spawn Vulnerability (CVE-2024–21538)
#1038
Comments
cross-pawn
version due to Node Cross-Spawn Vulnerability (CVE-2024–21538)cross-pawn
version due to Node Cross-Spawn Vulnerability (CVE-2024–21538)
cross-pawn
version due to Node Cross-Spawn Vulnerability (CVE-2024–21538)cross-spawn
version due to Node Cross-Spawn Vulnerability (CVE-2024–21538)
Our locked This issue is currently blocking me from committing code, so any advice on resolving it would be greatly appreciated. :) @CodeWritingCow |
@nlebovits also looping you in for advice on this. Thanks! :) |
Hey @vinhyan sorry for my slow response on this! Was OOO while traveling. I'm not a JS expert at all but I'll make sure @CodeWritingCow sees this and gets back to you. |
@vinhyan When I ran Also ran Generally, I recommend not manually changing package-lock.json. We should update and manage it using npm commands such as |
Describe the task
Looks like the issue of
cross-spawn
might be from this transitive dependency, upgrading the parent dependency is needed:High vulnerability issue with the current
cross-spawn
version 7.0.3. CVE-2024-21538npm audit fix
cannot fix unless bumping up version to 7.0.5 or above.Acceptance Criteria
cross-spawn
dependency is updated to version 7.0.5 or higher in the npm package.cross-spawn
is no longer flagged bynpm audit
.Additional context
npm audit
.The text was updated successfully, but these errors were encountered: