import-js/eslint-plugin-import

Security audit fails because of hosted-git-info vulnerability

mlarente opened this issue · 1 comment

The npm security audit fails because of a hosted-git-info vulnerability. This is a dependency through the read-pkg-up package. The latest version of read-pkg-up doesn't depend on the vulnerable package.

We can never upgrade read-pkg-up, because it drops support for node versions we must support.

See #2047 which seeks to remove the dep altogether.

Duplicate of #2046.
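
To see which chain pulls a flagged transitive package such as hosted-git-info into an install, the lockfile can be walked with Node's resolution rules. This is an added example, not code from this thread or from eslint-plugin-import; the function names, the lockfile contents, all versions and the `hypothetical-*` packages are constructed for illustration.

```javascript
// Added example. Input: the "packages" map of a package-lock.json
// (lockfileVersion 2 or 3). Output: every chain that installs `target`.

// Resolve `name` the way Node does from the package installed at `fromPath`:
// nearest node_modules first, then each parent up to the project root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dep
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

function findPaths(lock, target) {
  const packages = lock.packages;
  const results = [];
  const walk = (path, chain, seen) => {
    const pkg = packages[path];
    const deps = Object.assign({}, pkg.dependencies, pkg.optionalDependencies,
      path === '' ? pkg.devDependencies : null);
    for (const name of Object.keys(deps)) {
      const child = resolve(packages, path, name);
      if (!child || seen.has(child)) continue; // missing, or a cycle
      const next = chain.concat(name + '@' + packages[child].version);
      if (name === target) results.push(next.join(' > '));
      else walk(child, next, new Set(seen).add(child));
    }
  };
  walk('', [], new Set(['']));
  return results;
}

// Constructed lockfile: versions and the two hypothetical-* packages are made up.
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'sample-app', devDependencies: { 'eslint-plugin-import': '*', 'hypothetical-tool': '*' } },
  'node_modules/eslint-plugin-import': { version: '0.0.1', dependencies: { 'read-pkg-up': '*' } },
  'node_modules/read-pkg-up': { version: '0.0.2', dependencies: { 'hypothetical-mid': '*' } },
  'node_modules/hypothetical-mid': { version: '0.0.3', dependencies: { 'hosted-git-info': '*' } },
  'node_modules/hypothetical-mid/node_modules/hosted-git-info': { version: '0.0.4-old' },
  'node_modules/hypothetical-tool': { version: '0.0.5', dependencies: { 'hosted-git-info': '*' } },
  'node_modules/hosted-git-info': { version: '9.9.9-new' },
} };

console.log(findPaths(sampleLock, 'hosted-git-info').join('\n'));
```

In the constructed data two copies of hosted-git-info are installed, and only the chain through read-pkg-up reaches the nested older one, which is the kind of distinction an audit finding on a transitive dependency turns on.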