ottlinger opened a new issue #202: Fix security issue in set-value
URL: https://github.com/apache/drat/issues/202

I didn't find DRAT in the ASF jira thus I file this issue here:

https://nvd.nist.gov/vuln/detail/CVE-2019-10747

Remediation

Upgrade set-value to version 2.0.1 or later. For example:

```
"dependencies": {
  "set-value": ">=2.0.1"
}
```

or…

```
"devDependencies": {
  "set-value": ">=2.0.1"
}
```

Always verify the validity and compatibility of suggestions with your codebase.

https://github.com/apache/drat/blob/master/webapps/proteus-new/src/main/webapp/resources/package-lock.json
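One way to confirm the upgrade actually reached the lock file, as an added example that is not part of the original issue or the DRAT code base: it lists every copy of set-value pinned in a parsed package-lock.json, including nested copies under other packages, and flags those below the 2.0.1 threshold named in the issue. The function names and the sample lock data are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for pinned set-value copies.
const FIXED = [2, 0, 1]; // threshold taken from the issue's remediation text

// Parse "x.y.z" (ignoring any pre-release/build suffix) into three numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(v, min) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== min[i]) return v[i] < min[i];
  }
  return false;
}

// lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
// lockfileVersion 1 nests copies under each parent's "dependencies".
function findPackage(lock, name) {
  const hits = [];
  if (lock.packages) {
    for (const [key, info] of Object.entries(lock.packages)) {
      if (key === `node_modules/${name}` || key.endsWith(`/node_modules/${name}`)) {
        hits.push({ path: key, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = trail.concat(dep);
      if (dep === name) hits.push({ path: path.join(' > '), version: info.version });
      walk(info.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// An unparseable version is flagged too, so it gets a manual look.
function auditLock(lock, name = 'set-value', min = FIXED) {
  return findPackage(lock, name).map((h) => {
    const v = parseVersion(h.version);
    return { ...h, needsUpgrade: v === null || isBelow(v, min) };
  });
}

// Constructed sample (lockfileVersion 1 layout), not the project's real lock file.
const sampleLock = { lockfileVersion: 1, dependencies: {
  'set-value': { version: '2.0.1' },
  'union-value': { version: '1.0.0', dependencies: { 'set-value': { version: '0.4.3' } } },
} };
console.log(auditLock(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the lock file's contents to `auditLock`.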
