homebridge-plugin-template icon indicating copy to clipboard operation
homebridge-plugin-template copied to clipboard

Published 20 hours ago verified publisher icon homebridge

Update nodemon version to resolve CVE-2022-25883

Open HenryGelderbloem opened this issue 1 year ago • 1 comments

:recycle: Current situation

Describe the current situation. Explain current problems, if there are any. Be as descriptive as possible (e.g., including examples or code snippets).

There is a vulnerability in the version of server installed. https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

:bulb: Proposed solution

Describe the proposed solution and changes. How does it affect the project? How does it affect the internal structure (e.g., refactorings)?

Update the nodemon dependancy to ^3.0.3 to install the allow a patched version of server to install.

:gear: Release Notes

Provide a summary of the changes or features from a user's point of view. If there are breaking changes, provide migration guides using code examples of the affected features.

nodemon 3.0.0 is a breaking change so this will need to be reviewed.

HenryGelderbloem avatar Feb 14 '24 21:02 HenryGelderbloem

Should be fixed now 👍

bwp91 avatar Apr 07 '24 14:04 bwp91