gulp
Status of the yargs-parser vulnerability fix in gulp package #2490
-
|
Hi, I'd like to ask about status of this issue. I see that there are version of gulp-cli, yargs and yargs-parser that contains fix for the mentioned vulnerability. Is there existing version of gulp using dependencies containing fix? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
Hey @andrzejgorgon! A lot of people don't realize that SemVer already solves this. We rely on it heavily for these fixes to propagate up to gulp. Basically, you just need to remove your lockfile and update your dependencies. |
Beta Was this translation helpful? Give feedback.
-
|
That's great. Thanks a lot 👍 |
Beta Was this translation helpful? Give feedback.
Hey @andrzejgorgon! A lot of people don't realize that SemVer already solves this. We rely on it heavily for these fixes to propagate up to gulp. Basically, you just need to remove your lockfile and update your dependencies.