AG
AG
Today yo declares it dependency with 'yeoman-environment' (and some other packages) by imprecise way (like '^2.4.0'). From one hand it is more flexible way to have some minor updates transparently...
The last available version for go [ecosystem](https://pkg.go.dev) is v7.1.0 but this release has a several security vulnerability issues opened with score > 7 (high), like [CVE-2020-28852](https://nvd.nist.gov/vuln/detail/CVE-2020-28852), [CVE-2020-28851](https://nvd.nist.gov/vuln/detail/CVE-2020-28851), [CVE-2021-33194](https://nvd.nist.gov/vuln/detail/CVE-2021-33194), [CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040), [CVE-2020-28851](https://nvd.nist.gov/vuln/detail/CVE-2020-28851)...