Details
-
Sub-task
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
UserALE.js 2.0.2
-
None
-
node.js
-
Patch, Important
Description
Because the Prototype Pollution vulnerability is so pervasive, npm is rolling back their "immutable" registry policy to allow for fixes to previous versions of ubiquitous dependencies (set-value, mixit, lodash). These fixes will bubble up to existing versions of major userale.js dev dependencies (gulp, nodemon, babel, etc., etc.). However, as the registry will accept changes to prior versions of dependencies, the hashes on these dependencies will change. This requires that we regenerate our package.json file.
Attachments
Issue Links
- is a child of
-
FLAGON-422 Update NPM modules to fix prototype pollution issues in npm packages
- Closed