Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove update-notifier from dependencies #236

Closed
benjamin-chang opened this issue Mar 26, 2024 · 1 comment · Fixed by #240
Closed

Remove update-notifier from dependencies #236

benjamin-chang opened this issue Mar 26, 2024 · 1 comment · Fixed by #240

Comments

@benjamin-chang
Copy link

update-notifer v0.2.0 - v5.1.0 has a vulnerability, CVE-2022-33987, in its dependencies.

This has been addressed in v6.0.0 but is ESM-only.

Relevant links:

maizzle/framework#1223
https://github.com/yeoman/update-notifier
@benjamin-chang benjamin-chang mentioned this issue Mar 26, 2024
Closed
@cossssmin cossssmin mentioned this issue Mar 27, 2024
Closed
@cossssmin
Copy link
Member

Opened #237 which fixes this, but right now the build is failing in GitHub Actions because of the chalk package for some reason.

Need to get this fixed before merging.

@cossssmin cossssmin mentioned this issue Apr 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: remove update notifier maizzle/cli
chore: remove update-notifier maizzle/cli
2 participants
@benjamin-chang @cossssmin