Hello 👋🏻 , we would like to use bump CLI in Kibana (PR) but npm audit raised the following high severity vulnerability:
❯ npm audit
# npm audit report
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix`
node_modules/lodash.template
@oclif/plugin-warn-if-update-available 1.7.0 || 2.0.0 || 2.1.0 - 3.0.16
Depends on vulnerable versions of lodash.template
node_modules/@oclif/plugin-warn-if-update-available
2 high severity vulnerabilities
To address all issues, run:
npm audit fix
Would it be possible to upgrade to a version of @oclif/plugin-warn-if-update-available that does not have a vulnerable dependency? This is kind of a blocker for our PR to Kibana.