gulp-version-number icon indicating copy to clipboard operation
gulp-version-number copied to clipboard

Published 20 hours ago verified publisher icon shinate

High vulnerability for dependency: fs-path

Open andzejsw opened this issue 6 years ago • 3 comments

High Command Injection Package fs-path Patched in No patch available Dependency of gulp-version-number Path gulp-version-number > fs-path More info https://nodesecurity.io/advisories/661

andzejsw avatar Sep 04 '18 12:09 andzejsw

I'm having this too due to gulp-util being deprecated, can this be fixed, by using updated/alternative packages?

dippas avatar Dec 17 '18 21:12 dippas

Any update on this? This gulp plugin is perfect but impossible to use due to high risk.

S-n-d avatar Aug 30 '19 08:08 S-n-d

if anyone still out there, i've made a PR to fix this. Please have a look and improve it if you can. See #13. thanks! PS: If you want to fix the audit for this packaging using old gulp, check #14 ;)

LC43 avatar Jan 20 '20 02:01 LC43