kelektiv/node.bcrypt.js

Semver dependency update

mfernandes-alcumus opened this issue · 2 comments

This version of bcrypt uses semver-6.3.0, which is a vulnerability. Can this be updated ASAP? This is causing great security concerns for this package in our system.

@mfernandes-alcumus Meanwhile, you can fix this using the npm feature of "overrides" in the package.json

```json
"overrides": {
  "semver@6.3.0": "5.7.2"
}
```

I've tried that, and it doesn't work. Do I need to have semver installed as a dependency first, @jdaviderb?
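
One way to check whether an override took effect is to list every copy of semver recorded in `package-lock.json` and see which package each one is nested under. The following is an added example, not code from this thread or from the bcrypt project; it assumes a lockfile with lockfileVersion 2 or 3 (the `packages` map), and the sample lockfiles, the version `7.5.4`, and the names `some-dep` and `@x/semver` are constructed.

```javascript
// Added example (not from the thread). Assumes npm lockfileVersion 2 or 3,
// where every installed package is a key in the "packages" map.
function findInstalledCopies(lockfile, name) {
  const suffix = "node_modules/" + name;
  const copies = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    // Match top-level and nested copies, but not scoped names like @x/semver.
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const parentPath = path.slice(0, path.length - suffix.length).replace(/\/$/, "");
    const nestedUnder = parentPath === "" ? "(root)" : parentPath.split("node_modules/").pop();
    copies.push({ path, version: entry.version, nestedUnder });
  }
  return copies;
}

// True when no installed copy of `name` is still at `unwantedVersion`.
function overrideApplied(lockfile, name, unwantedVersion) {
  return findInstalledCopies(lockfile, name).every((c) => c.version !== unwantedVersion);
}

// Constructed sample lockfiles; "some-dep" is a hypothetical package name.
const beforeOverride = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/semver": { version: "7.5.4" },
    "node_modules/some-dep": { version: "1.0.0" },
    "node_modules/some-dep/node_modules/semver": { version: "6.3.0" },
    "node_modules/@x/semver": { version: "6.3.0" },
  },
};
const afterOverride = JSON.parse(JSON.stringify(beforeOverride));
afterOverride.packages["node_modules/some-dep/node_modules/semver"].version = "5.7.2";

for (const [label, lock] of [["before", beforeOverride], ["after", afterOverride]]) {
  console.log(label, findInstalledCopies(lock, "semver"), overrideApplied(lock, "semver", "6.3.0"));
}
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` as the lockfile argument.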