Update vulnerable dependencies trim-newlines and glob-parent

Open splatteredbits opened this issue 3 years ago • 1 comments

Type of issue

npm audit fails when I'm using Yo 4.2.0. Advisories 1751 in glob-parent (moderate) and 1753 in trim-newlines (high).


My environment

  • Windows 10 x64
  • Node.js 14.17.4
  • NPM 6.14.14
  • Yo 4.2.0

Expected behavior

No security vulnerabilities.

Current behavior

There are 36 vulnerabilities.

Steps to reproduce the behavior

  1. npm install yo@latest
  2. npm audit

Command line output

yo vulns.txt

splatteredbits avatar Jul 29 '21 20:07 splatteredbits

trim-newlines is a dependency of meow and was reported in #672. It should be fixed with #675.

For glob-parent though, by looking at your npm audit output, it looks like one of your generators may be using an outdated version of yeoman-generator, as the issue seems to be patched in the latest version. I'd recommend looking through your generators and seeing which ones use the vulnerable version of glob-parent and then getting those generators to move to the latest version of yeoman-generator.

Logicer16 avatar Aug 01 '21 01:08 Logicer16
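
One way to do the check suggested in the comment above, as an added example that is not part of the original thread: Node.js functions that group the findings in npm 6 `npm audit --json` output by the directly installed package, showing which ones reach glob-parent through yeoman-generator. The sample data, the `generator-example-*` and `example-build-tool` names, and the dependency chains and versions are constructed for illustration.

```javascript
// Constructed sample in the npm 6 `npm audit --json` shape. Package names
// beginning "generator-example" and "example-" are hypothetical, and the
// chains and versions are illustrative, not the reporter's output.
const sampleAudit = {
  advisories: {
    "1751": {
      module_name: "glob-parent",
      findings: [
        { version: "3.1.0", paths: [
          "generator-example-a>yeoman-generator>globby>fast-glob>glob-parent",
          "generator-example-b>yeoman-generator>globby>fast-glob>glob-parent",
        ] },
        { version: "5.1.1", paths: ["example-build-tool>fast-glob>glob-parent"] },
      ],
    },
    "1753": {
      module_name: "trim-newlines",
      findings: [{ version: "1.0.0", paths: ["yo>meow>trim-newlines"] }],
    },
  },
};

// Group every dependency chain that ends in `moduleName` by its first
// segment, i.e. the package that was installed directly.
function introducedBy(audit, moduleName) {
  const byRoot = {};
  for (const advisory of Object.values(audit.advisories || {})) {
    if (advisory.module_name !== moduleName) continue;
    for (const finding of advisory.findings || []) {
      for (const path of finding.paths || []) {
        const chain = path.split(">");
        const entry = (byRoot[chain[0]] = byRoot[chain[0]] || { versions: [], chains: [] });
        if (!entry.versions.includes(finding.version)) entry.versions.push(finding.version);
        entry.chains.push(chain);
      }
    }
  }
  return byRoot;
}

// Direct installs that reach `moduleName` through `intermediate`.
function rootsVia(audit, moduleName, intermediate) {
  const byRoot = introducedBy(audit, moduleName);
  return Object.keys(byRoot)
    .filter((root) => byRoot[root].chains.some((c) => c.slice(0, -1).includes(intermediate)))
    .sort();
}

console.log(rootsVia(sampleAudit, "glob-parent", "yeoman-generator"));
```

npm 7 and later emit a different JSON layout, so this applies to the npm 6 line listed in the reporter's environment.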