INI version used (1.3.0) has a vulnerability

Question

aliasdhacker opened this issue 4 years ago · 4 comments

INI dependency needs to be upgraded. CircleCI does not like this version of INI because it has a vulnerability.

INI needs to be 1.3.6 or later -

Answer 1 · 2020-12-14T10:21:09.000Z

There is a pull request ready for this: #121

Answer 2 · 2021-02-12T22:42:55.000Z

switch to run-con

Answer 3 · 2021-04-07T19:52:06.000Z

The ini version is defined as ~1.3.0 which is equivalent to 1.3.x, so there should actually be no need for an update of rc, right?

Answer 4 · 2021-04-07T20:47:21.000Z

yeah i guess people could just update to 1.3.6, which is unaffected