eclint icon indicating copy to clipboard operation
eclint copied to clipboard

Published 20 hours ago verified publisher icon jednano

os-locale dependency vulnerable

Open mcandre opened this issue 5 years ago • 1 comments

Please update the os-locale dependency in order to resolve a vulnerability in mem.

https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b

https://www.npmjs.com/package/os-locale

mcandre avatar Nov 03 '19 18:11 mcandre

Ah, I had mistakenly calculated the wrong source for this dependency. Looks like eclint updated os-locale and mem a while ago.

GitHub reporting does not provide the dependency chain. In fact, my old mem version is coming from eclint's version of gulp-reporter.

Please update or replace gulp-reporter.

mcandre avatar Nov 03 '19 18:11 mcandre