William Marlow
William Marlow
Appmetrics currently uses `[email protected]` which has a prototype pollution vulnerability: * [CVE-2021-23413](https://nvd.nist.gov/vuln/detail/CVE-2021-23413) * [npm advisory 1774](https://www.npmjs.com/advisories/1774) * [GitHub advisory GHSA-jg8v-48h5-wgxg](https://github.com/advisories/GHSA-jg8v-48h5-wgxg) This PR upgrades the `jszip` dependency to `^3.7.0` and consequently...
`npm exec`/`npx` do not fully respect the `script-shell` parameter. When combined with https://github.com/npm/run-script/issues/103 this means that users on AIX cannot run `npx`/`npm exec` commands even with `script-shell` set to `bash`....