onflow/flow-cadut

Update simple-git dependency to current release, fixes high sev vulnerability

sisyphusSmiling opened this issue · 0 comments

Problem

This package has a high-severity vulnerability in simple-git. The GitHub Advisory Database recommends updating to ^3.5.0 to avoid a command injection vulnerability.

Steps to Reproduce

Run npm audit from the package root directory, which returns the following output:

# npm audit report

simple-git  <=3.4.0
Severity: high
Command injection in simple-git - https://github.com/advisories/GHSA-3f95-r44v-8mrg
Command injection in simple-git - https://github.com/advisories/GHSA-28xr-mwxg-3qc8
fix available via `npm audit fix --force`
Will install simple-git@3.12.0, which is a breaking change
node_modules/simple-git

1 high severity vulnerability

To address all issues (including breaking changes), run:
  npm audit fix --force

Acceptance Criteria

Update simple-git dependency in flow-cadut package.json to ^3.12.0

Context

I'm working on updating documentation for flow-js-testing, which has a dependency on flow-cadut. I'm hoping to get this dependency updated before updating documentation for the installation process.
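A small check that turns the advisory range from the npm audit output (simple-git <=3.4.0) and the acceptance criteria (^3.12.0) into a CI-style gate, written here as an added example rather than code from the flow-cadut project; the lockfile and package.json objects are constructed samples, and it assumes caret ranges only, accepting ^3.12.0 or any higher caret range.

```javascript
// Added example, not part of flow-cadut: flag vulnerable simple-git copies in a
// package-lock and confirm package.json was bumped as the issue requests.
const VULNERABLE_MAX = "3.4.0"; // advisory range from npm audit: simple-git <=3.4.0
const REQUIRED_MIN = "3.12.0";  // acceptance criteria: ^3.12.0

// Parse "major.minor.patch", ignoring a leading range operator such as "^" or "~".
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim().replace(/^[\^~>=<\s]+/, ""));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Three-way compare of two versions: -1, 0 or 1.
function compare(a, b) {
  const [pa, pb] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// True when an installed version falls inside the advisory's vulnerable range.
function isVulnerableSimpleGit(installed) {
  return compare(installed, VULNERABLE_MAX) <= 0;
}

// Walk a lockfile v2/v3 "packages" map and report every vulnerable simple-git copy,
// including nested ones under another dependency's node_modules.
function findVulnerableSimpleGit(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/simple-git") && entry.version &&
        isVulnerableSimpleGit(entry.version)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// True when package.json declares simple-git as ^3.12.0 or a higher caret range (assumed).
function meetsAcceptanceCriteria(pkg) {
  const deps = { ...(pkg.devDependencies || {}), ...(pkg.dependencies || {}) };
  const range = deps["simple-git"];
  if (!range || !range.startsWith("^")) return false;
  return compare(range, REQUIRED_MIN) >= 0;
}

// Constructed sample inputs mirroring the state described in the issue.
const sampleLock = { lockfileVersion: 2, packages: { "node_modules/simple-git": { version: "3.4.0" } } };
const samplePkgBefore = { dependencies: { "simple-git": "^3.4.0" } };
const samplePkgAfter = { dependencies: { "simple-git": "^3.12.0" } };
```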