The 1.0.0 version of the execa dependency has a dependency for cross-spawn@^6.0.0, but this version of cross-spawn is insecure (CVE-2024-21538).
@currents/commit-info@1.0.0 requires cross-spawn@^6.0.0 via execa@1.0.0
No patched version available for cross-spawn
The vulnerability is fixed in cross-spawn@7.0.5. Later versions of execa do call for cross-spawn@^7.0.3, which could resolve to 7.0.5.
Thus, this project's dependency on execa should be bumped to at least the earliest version that allows for cross-spawn@7.0.5 to be installed. The earliest version of execa that calls for cross-spawn@^7.0.0 is execa@^3.0.0.
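
The range reasoning in the issue above, as an added example that is not part of the original issue or of the project's code: a minimal caret-range check showing which declared `cross-spawn` ranges let npm install the fixed version. The function names, the sample manifest list and the simplified caret parser (only `^x.y.z` and exact versions) are assumptions made for illustration.

```javascript
// Fixed cross-spawn version, as stated in the issue.
const FIXED = "7.0.5";

const parse = (v) => v.split(".").map(Number);

// Compare two x.y.z versions: negative, zero or positive, like a sort comparator.
function compare(a, b) {
  const pa = parse(a);
  const pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Exclusive upper bound of a caret range: bump the left-most non-zero component.
function caretUpperBound(base) {
  const [major, minor, patch] = parse(base);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

// True when `version` satisfies `range` ("^x.y.z" or an exact "x.y.z" only).
function satisfies(version, range) {
  if (!range.startsWith("^")) return compare(version, range) === 0;
  const base = range.slice(1);
  return compare(version, base) >= 0 && compare(version, caretUpperBound(base)) < 0;
}

// Constructed sample data built from the ranges quoted in the issue.
const execaRanges = [
  { execa: "1.0.0", crossSpawnRange: "^6.0.0" },
  { execa: "3.0.0", crossSpawnRange: "^7.0.0" },
  { execa: "later release (version not given in the issue)", crossSpawnRange: "^7.0.3" },
];

// For each execa entry, report whether its range admits the fixed cross-spawn.
function auditExeca(entries, fixed = FIXED) {
  return entries.map((e) => ({ ...e, canInstallFix: satisfies(fixed, e.crossSpawnRange) }));
}

console.log(auditExeca(execaRanges));
```

A range that admits the fixed version only makes the upgrade possible; an existing lockfile can still pin an older `cross-spawn`, so the resolved version should be checked after reinstalling.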