Semver dependency update
mfernandes-alcumus opened this issue · 2 comments
mfernandes-alcumus commented
This version of bcrypt uses semver-6.3.0, which is a vulnerability. Can this be updated ASAP? This is causing great security concerns for this package in our system.
jdaviderb commented
@mfernandes-alcumus Meanwhile, you can fix this using the npm feature of "overrides" in the package.json:
"overrides": {
  "semver@6.3.0": "5.7.2"
}
mfernandes-alcumus commented
I've tried that, and it doesn't work. Do I need to have semver installed as a dependency first, @jdaviderb?