Vulnerabilities in Dependencies in Yarn 1.22.19 and 1.22.22

Description

Yarn version 1.22.19 has security vulnerabilities in its dependencies, specifically semver and ssri. The affected and patched versions are as follows:

1. semver

| Affected versions | Patched versions |
|---|---|
| >= 7.0.0, < 7.5.2 | 7.5.2 |
| >= 6.0.0, < 6.3.1 | 6.3.1 |
| < 5.7.2 | 5.7.2 |

2. ssri

| Affected versions | Patched versions |
|---|---|
| >= 5.2.2, < 6.0.2 | 6.0.2 |
| >= 7.0.0, < 7.1.1 | 7.1.1 |
| = 8.0.0 | 8.0.1 |

GitHub Advisory Links

Request

Could these dependencies be updated to the patched versions in Yarn 1.22.19 to 1.22.22? Thank you.
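
One way to check which resolved semver and ssri versions in a Yarn v1 lockfile fall inside the affected ranges listed in this issue. This is an added example, not part of the original issue or Yarn's code; the function names are hypothetical and the lockfile excerpt is constructed.

```javascript
// Affected ranges transcribed from the tables in this issue.
const AFFECTED = {
  semver: [{ min: "7.0.0", below: "7.5.2" }, { min: "6.0.0", below: "6.3.1" }, { below: "5.7.2" }],
  ssri: [{ min: "5.2.2", below: "6.0.2" }, { min: "7.0.0", below: "7.1.1" }, { eq: "8.0.0" }],
};

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`); // fail loudly rather than report "clean"
  return { nums: [+m[1], +m[2], +m[3]], pre: m[4] !== undefined };
}

// A prerelease sorts before its release (prerelease tags themselves are not ordered).
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a.nums[i] !== b.nums[i]) return a.nums[i] - b.nums[i];
  return Number(b.pre) - Number(a.pre);
}

function isAffected(name, version) {
  const ranges = AFFECTED[name];
  if (!ranges) return false;
  const v = parse(version);
  return ranges.some((r) => r.eq
    ? cmp(v, parse(r.eq)) === 0
    : (!r.min || cmp(v, parse(r.min)) >= 0) && cmp(v, parse(r.below)) < 0);
}

// Walk a Yarn v1 lockfile: an unindented `name@range:` header, then `  version "x.y.z"`.
function findAffected(lockText) {
  const hits = [];
  let name = null;
  for (const line of lockText.split(/\r?\n/)) {
    const header = /^"?(@?[^@"\s]+)@.+:$/.exec(line);
    const version = /^  version "([^"]+)"$/.exec(line);
    if (header) name = header[1];
    else if (version && name && isAffected(name, version[1])) hits.push(`${name}@${version[1]}`);
  }
  return hits;
}

// Constructed lockfile excerpt, not taken from Yarn's repository.
const SAMPLE_LOCK = [
  "# yarn lockfile v1", "",
  '"semver@2 || 3 || 4 || 5":', '  version "5.6.0"', "",
  "semver@^7.3.5:", '  version "7.5.4"', "",
  "ssri@^8.0.0:", '  version "8.0.0"', "",
  "ssri@^6.0.1:", '  version "6.0.2"', "",
].join("\n");
console.log(findAffected(SAMPLE_LOCK)); // [ 'semver@5.6.0', 'ssri@8.0.0' ]
```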