npm-run-all

dependency shell-quote CVE-2021-42740

Open robmaas opened this issue 2 years ago • 1 comments

Please upgrade npm package shell-quote to 1.7.3+ to patch https://github.com/advisories/GHSA-g4rg-993r-mgx7

robmaas, Jun 24 '22 13:06

Until the package gets updated, you can use Yarn's resolutions or npm's overrides to override the dependency. For example for Yarn:

{
  "devDependencies": {
    "npm-run-all": "4.1.5"
  },
  "resolutions": {
    "shell-quote": "1.7.3"
  }
}

Etheryte, Aug 11 '22 09:08
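An added example, not part of the thread or of npm-run-all: after pinning shell-quote, a Node.js check like the one below can confirm that no copy older than 1.7.3 is still installed, including copies nested under npm-run-all. It assumes npm's package-lock.json layout (the flat `packages` map of lockfileVersion 2/3, or the nested `dependencies` tree of version 1); `isBelow`, `findVulnerable` and the sample lockfile are hypothetical names and constructed data.

```javascript
// Added example: list lockfile entries for shell-quote below the patched version.
const PATCHED = [1, 7, 3]; // "1.7.3+" as requested in the issue

// True if version string v is lower than min; unparseable versions are flagged too.
function isBelow(v, min) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  if (!m) return true;
  const a = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== min[i]) return a[i] < min[i];
  }
  return false;
}

// Returns [{ path, version }] for every installed copy of `name` below `min`.
function findVulnerable(lock, name = "shell-quote", min = PATCHED) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + name) && isBelow(meta.version, min)) {
        hits.push({ path, version: meta.version });
      }
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, prefix) => {
      for (const [dep, meta] of Object.entries(deps || {})) {
        const path = prefix + "node_modules/" + dep;
        if (dep === name && isBelow(meta.version, min)) hits.push({ path, version: meta.version });
        walk(meta.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample (lockfileVersion 3), not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/npm-run-all": { version: "4.1.5" },
    "node_modules/shell-quote": { version: "1.7.3" },
    "node_modules/npm-run-all/node_modules/shell-quote": { version: "1.6.1" },
  },
};
console.log(findVulnerable(sampleLock));
```

In a real project, pass the parsed contents of package-lock.json instead of `sampleLock`; an empty result means every installed copy is at or above 1.7.3.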