dot-prop 4.2.0 installs with nodejs 14 creating security issue #34708
Labels
npm
Issues and PRs related to the npm client dependency or the npm registry.
wrong repo
Issues that should be opened in another repository.
Version:
v14.7.0
Platform: Linux 359fde9c186f 5.3.0-1019-aws #21~18.04.1-Ubuntu SMP Mon May 11 12:33:03 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Subsystem: dot-prop
What steps will reproduce the bug?
curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
sudo apt-get install -y nodejs
Installs dot-prop 4.2.0 in /usr/lib/node_modules/npm/node_modules/dot-prop
https://www.npmjs.com/advisories/1213
How often does it reproduce? Is there a required condition?
Every time nodejs installs
What is the expected behavior?
dot-prop >=5.1.1 should install
The text was updated successfully, but these errors were encountered: