node.bcrypt.js icon indicating copy to clipboard operation
node.bcrypt.js copied to clipboard

Published 20 hours ago verified publisher icon kelektiv

Semver dependency update

Open mfernandes-alcumus opened this issue 1 year ago • 2 comments

This version of bcrypt uses semver-6.3.0 which is a vulnerability, can this be updated asap? this is causing great security concerns for this package in our system.

mfernandes-alcumus avatar Jul 28 '23 09:07 mfernandes-alcumus

@mfernandes-alcumus Meanwhile, you can fix this using the npm feature of "overrides" in the package.json

"overrides": { "[email protected]": "5.7.2" }

jdaviderb avatar Aug 01 '23 14:08 jdaviderb

I've tried that, it doesn't work, do I need to have semver installed as a dependency first @jdaviderb?

mfernandes-alcumus avatar Aug 03 '23 13:08 mfernandes-alcumus