ember-cli-pact icon indicating copy to clipboard operation
ember-cli-pact copied to clipboard
verified publisher icon salsify

Vulnerability in decompress/4.2.0

Open jrrbru opened this issue 5 years ago • 0 comments

ember-cli-pact has nested dependency decompress/4.2.0 with a security vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2020-12265. This is from a direct dependency on pact-node^8.4.0. The newest version of pact-node does not have this vulnerability. Would it be possible to update the dependency to a version of pact-node that removes the vulnerability?

jrrbru avatar Jun 25 '20 14:06 jrrbru