Skip to content
This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

Git-Dependabot Alert - Child dependency version to be upgraded #3335

Open
Balaji-CDE opened this issue Feb 8, 2023 · 0 comments
Open

Git-Dependabot Alert - Child dependency version to be upgraded #3335

Balaji-CDE opened this issue Feb 8, 2023 · 0 comments

Comments

@Balaji-CDE
Copy link

  • NPM version (npm -v): 6.14.12
  • Node version (node -v): 14.16.1
  • Node Process (node -p process.versions): {
    node: '14.16.1',
    v8: '8.4.371.19-node.18',
    uv: '1.40.0',
    zlib: '1.2.11',
    brotli: '1.0.9',
    ares: '1.16.1',
    modules: '83',
    nghttp2: '1.41.0',
    napi: '7',
    llhttp: '2.1.3',
    openssl: '1.1.1k',
    cldr: '37.0',
    icu: '67.1',
    tz: '2020a',
    unicode: '13.0'
    }
  • Node Platform (node -p process.platform): darwin
  • Node architecture (node -p process.arch): x64
  • node-sass version (node -p "require('node-sass').info"): node-sass 8.0.0 (Wrapper) [JavaScript]
  • npm node-sass versions (npm ls node-sass): node-sass@8.0.0

The latest version of node-sass uses make-fetch-happen of version ^10.0.4, which has a child dependency "http-cache-semantics": "^4.1.0" whereas http-cache-semantics(4.1.0) has security vulnerabilities and is treated as a dependabot alert in our application.

Screenshot 2023-02-08 at 11 22 59 AM

So can you upgrade the version of make-fetch-happen to 11.0.3 in node-sass which will address all the security vulnerabilities.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Balaji-CDE