git-branch icon indicating copy to clipboard operation
git-branch copied to clipboard

Published 20 hours ago verified publisher icon jonschlinkert

findup-sync v2 relies on insecure dependancies

Open carpiediem opened this issue 4 years ago • 1 comments

Dependencies include kind-of v3 and braces v2. The current release of findup-sync is 4.0.0

https://github.com/jonschlinkert/git-branch/pull/12

carpiediem avatar Apr 02 '20 09:04 carpiediem

As a workaround you can add this to your package.json (works with pnpm or yarn):

{
  ...
  "resolutions": {
    "findup-sync": "^4.0.0"
  }
  ...
}

The package seems to work with findup-sync 4.0.0 without any problems.

tilman avatar Jul 27 '23 11:07 tilman