Dependabot has picked up a dependency on an old version of `yargs` from `migrate-mongoose^4.0.0`.
There is a moderately-severe security vulnerability notice on [email protected]:
The latest possible version that can be installed is 2.4.1 because of the following conflicting dependencies. The earliest fixed version is 5.0.1.
I'm not exactly sure why the old version is still being resolved by NPM/Yarn, but would it be possible to bump that up?
```json
"migrate-mongoose": {
  "version": "4.0.0",
  "resolved": "https://registry.npmjs.org/migrate-mongoose/-/migrate-mongoose-4.0.0.tgz",
  "integrity": "sha512-Zf4Jk+CvBZUrZx4q/vvYr2pRGYAo7RO4BJx/3aTAR9VhNa34/iV0Rhqj87Tflk0n14SgwZpqvixyJzEpmSAikg==",
  "requires": {
    "bluebird": "^3.3.3",
    "colors": "^1.1.2",
    "dotenv": "^8.0.0",
    "inquirer": "^0.12.0",
    "mkdirp": "^0.5.1",
    "mongoose": "^5.6.3",
    "yargs": "^4.8.1"
  }
},
"yargs": {
  "version": "4.8.1",
  "resolved": "https://registry.npmjs.org/yargs/-/yargs-4.8.1.tgz",
  "integrity": "sha1-wMQpJMpKqmsObaFznfshZDn53cA=",
  "requires": {
    "cliui": "^3.2.0",
    "decamelize": "^1.1.1",
    "get-caller-file": "^1.0.1",
    "lodash.assign": "^4.0.3",
    "os-locale": "^1.4.0",
    "read-pkg-up": "^1.0.1",
    "require-directory": "^2.1.1",
    "require-main-filename": "^1.0.1",
    "set-blocking": "^2.0.0",
    "string-width": "^1.0.1",
    "which-module": "^1.0.0",
    "window-size": "^0.2.0",
    "y18n": "^3.2.1",
    "yargs-parser": "^2.4.1"
  }
},
"yargs-parser": {
  "version": "2.4.1",
  "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-2.4.1.tgz",
  "integrity": "sha1-hVaN488VD/SfpRgl8DqMiA3cxcQ=",
  "requires": {
    "camelcase": "^3.0.0",
    "lodash.assign": "^4.0.6"
  }
}
```
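As an added example (not part of the original issue or of the migrate-mongoose project), the script below walks lockfile entries of the shape quoted above and reports which dependent range keeps `yargs-parser` below the fixed version 5.0.1. The function names, the trimmed `sampleLock` object and the caret-only range check are assumptions made for illustration.

```javascript
// Constructed sample: the three lockfile entries quoted in the issue,
// trimmed to the fields this check needs (version and requires).
const sampleLock = {
  "migrate-mongoose": { version: "4.0.0", requires: { yargs: "^4.8.1" } },
  "yargs": { version: "4.8.1", requires: { "yargs-parser": "^2.4.1" } },
  "yargs-parser": { version: "2.4.1", requires: {} },
};

const parse = (v) => v.split(".").map(Number);

// Compare two x.y.z versions: negative, zero or positive, like a sort callback.
function cmp(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Caret ranges only (the only kind in the sample): ^x.y.z accepts versions
// >= x.y.z that keep the left-most non-zero component unchanged.
function caretAllows(range, version) {
  if (!range.startsWith("^")) throw new Error("unsupported range: " + range);
  const min = range.slice(1);
  const [major, minor, patch] = parse(min);
  const upper = major > 0 ? `${major + 1}.0.0`
    : minor > 0 ? `0.${minor + 1}.0` : `0.0.${patch + 1}`;
  return cmp(version, min) >= 0 && cmp(version, upper) < 0;
}

// Walk upward from `target` to every top-level dependent, and report whether
// each range that pulls in `target` could ever resolve to `fixedVersion`.
function explainPin(lock, target, fixedVersion) {
  const dependents = (name) => Object.entries(lock)
    .filter(([, e]) => e.requires && name in e.requires);
  const chains = [];
  const walk = (name, path) => {
    const parents = dependents(name)
      .filter(([p, e]) => !path.includes(`${p}@${e.version}`)); // cycle guard
    if (parents.length === 0) chains.push(path);
    for (const [p, e] of parents) walk(p, [`${p}@${e.version}`, ...path]);
  };
  walk(target, [`${target}@${lock[target].version}`]);
  const blockers = dependents(target).map(([by, e]) => ({
    by, range: e.requires[target],
    admitsFix: caretAllows(e.requires[target], fixedVersion),
  }));
  return { chains, blockers };
}

console.log(JSON.stringify(explainPin(sampleLock, "yargs-parser", "5.0.1"), null, 2));
```

A blocker with `admitsFix: false` means no lockfile refresh can reach the fixed release; the dependent at the top of the chain has to raise its own range first.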