update set-value to a non-vulnerable version

Open TysonMN opened this issue 4 years ago • 0 comments

Can a new version be released in order to address this security vulnerability?

Dependabot cannot update set-value to a non-vulnerable version
The latest possible version that can be installed is 2.0.1 because of the following conflicting dependencies:

@codedoc/[email protected] requires set-value@^2.0.0 via a transitive dependency on [email protected]
@codedoc/[email protected] requires set-value@^2.0.1 via a transitive dependency on [email protected]
The earliest fixed version is 4.0.1.

Sep 18 '21 13:09 TysonMN