[BUG] Upgrade transitive dependency "hosted-git-info@2.8.8" to fix CVE-2021-23362 · Issue #53 · npm/read-installed
This repository was archived by the owner on Feb 15, 2022. It is now read-only.
Description
What / Why
While scanning my project with auditjs, I discovered read-installed
has a transitive dependency on hosted-git-info@2.8.8
which has vulnerability CVE-2021-23362.
$ npm ls hosted-git-info
auditjs@4.0.25 /Users/bhamail/sonatype/community/auditjs/auditjs
└─┬ read-installed@4.0.3
  └─┬ read-package-json@2.1.2
    └─┬ normalize-package-data@2.5.0
      └── hosted-git-info@2.8.8