global-prefix icon indicating copy to clipboard operation
global-prefix copied to clipboard
verified publisher icon jonschlinkert

Bump version kind-of to 6.0.3 to fix CVE-2019-20149

Open adelyafatykhova opened this issue 5 years ago • 1 comments

Description

Due to CVE-2019-20149, a new version of kind-of has been released.

Since global-prefix uses 6.0.2, this raises security flags.

adelyafatykhova avatar Jan 22 '20 14:01 adelyafatykhova

Thanks for the PR, but this isn't necessary right now. 6.0.3 will automatically be used due to the semver range. When other changes are made to this package, we'll merge it in at that time.

doowb avatar Jan 22 '20 17:01 doowb

I've ensured ^6.0.3 is specified in the v4.0.0 release.

phated avatar Aug 17 '24 16:08 phated