We've just got a warning about a node-tar vulnerability: https://github.com/apache/cordova-lib/security/dependabot/35 This causes `npm audit` to fail.
However, this is a sub-dependency and the fix is within the semver range and we don't have a shrinkwrap file, so a published version of cordova-lib should automatically pull in the updated dependency. How does this impact the voting? ~Darryl --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
