hexo-generator-seo-friendly-sitemap icon indicating copy to clipboard operation
hexo-generator-seo-friendly-sitemap copied to clipboard

Published 20 hours ago verified publisher icon ludoviclefevre

Dependencies don't seem to have updated on npm or yarn

Open 101614855 opened this issue 4 years ago • 6 comments

lodash which has been update to version 14.17.12 in this repo does not seem to be pulled through when pulling from npm or yarn. Both package managers still pull in lodash 14.17.11 for some reason

101614855 avatar Sep 17 '19 07:09 101614855

+1 Need to release a new version and publish to npm

stevenjoezhang avatar Sep 30 '19 16:09 stevenjoezhang

Someone can please explain why that happens?

fam4r avatar Oct 01 '19 21:10 fam4r

sudo npm audit === npm audit security report === Manual Review Some vulnerabilities require your attention to resolve Visit https://go.npm.me/audit-guide for additional guidance High Prototype Pollution Package lodash Patched in >=4.17.12 Dependency of hexo-generator-seo-friendly-sitemap Path hexo-generator-seo-friendly-sitemap > lodash More info https://npmjs.com/advisories/1065

sudo npm list lodash [email protected] /home/blablabalabla ├─┬ [email protected] │ ├── [email protected] deduped │ └─┬ [email protected] │ └── [email protected] deduped ├─┬ [email protected] │ └── [email protected] └── [email protected]

h0ek avatar Nov 14 '19 11:11 h0ek

@ludoviclefevre any update on that?

fam4r avatar Nov 25 '19 11:11 fam4r

Bump. @ludoviclefevre

ishaanx avatar Jan 06 '20 06:01 ishaanx

looks like this repo and project is dead :( time to find other sitemap generator

h0ek avatar Nov 06 '23 16:11 h0ek