This package is running a really old version of npm (2.15.12 while current is 7.24.0), which has a known security vulnerability in its dependencies.
One of my projects received a Dependabot security warning about tar package versions below 4.4.16. This package is currently using tar 2.2.1 through the npm package.
I tracked the minimum npm version required to plug this security hole: v7.0.0
node-gyp needs to be at least v7.0.0 to pull in this commit which upgrades the tar version to ~> 4.4.16.
node-gyp dependency and has a secure tar version in this commit, which is part of the v7.0.0 release: https://github.com/npm/cli/blob/v7.0.0/package.json
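As an added example (not part of the original issue or of the package's code): a Node.js check that walks a parsed package-lock.json and lists every tar entry below 4.4.16, together with the dependency chain that pulls it in. The function names and the sample lockfile are constructed for illustration.

```javascript
const MIN_TAR = [4, 4, 16]; // threshold quoted in the issue

// Parse "x.y.z" (any prerelease/build suffix is ignored) into three integers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, min) {
  const parts = parseVersion(version);
  if (!parts) return true; // unparseable: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== min[i]) return parts[i] < min[i];
  }
  return false;
}

// Handles lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages").
function findOldTar(lock, name = "tar", min = MIN_TAR) {
  const hits = [];
  const check = (chain, version) => {
    if (chain[chain.length - 1] === name && isBelow(version, min)) {
      hits.push({ chain: chain.join(" > "), version });
    }
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // "node_modules/a/node_modules/b" -> ["a", "b"]; the root key "" -> []
      const parts = path.split("node_modules/").filter(Boolean);
      check(parts.map((s) => s.replace(/\/$/, "")), meta.version);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      check([...trail, dep], meta.version);
      walk(meta.dependencies, [...trail, dep]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  tar: { version: "4.4.16" },
  npm: { version: "2.15.12", dependencies: { tar: { version: "2.2.1" } } },
} };
console.log(findOldTar(sampleV1));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findOldTar`.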