refresh the lockfile to automatically remove the vulnerability introduced in @aginix/nestjs-gcloud-storage #450
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Hi, @n3n, I have reported a vulnerability issue in package @google-cloud/storage.
As far as I am aware, vulnerability CVE-2020-26289 detected in package date-and-time<0.14.2) is directly referenced by @google-cloud/[email protected], on which your package @aginix/[email protected] directly depends. As such, this vulnerability can also affect @aginix/[email protected] via the following path:
@aginix/[email protected] ➔ @google-cloud/[email protected] ➔ [email protected](vulnerable version)Since @google-cloud/storage has released a new patched version @google-cloud/[email protected] to resolve this issue (@google-cloud/[email protected] ➔ [email protected](fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
@aginix/[email protected] ➔ @google-cloud/[email protected] ➔ [email protected](vulnerability fix version).A warm tip.
Best regards,
^_^
The text was updated successfully, but these errors were encountered: