NSP/Snyke.io report of volunerability - upgrade of winston dependency
YasharF opened this issue · 2 comments
YasharF commented
Snyk.io is reporting that node-foursquare depends on an out-of-date version of winston which is using a vulnerable version of request. Winston as of version 0.8.0 no longer has a dependency on request. Can you please upgrade node-foursquare to use a more updated version of winston?
clintandrewhall commented
This change has been made and added to v0.3.2