You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The vulnerability is fixed in [email protected]. Later versions of execa do call for cross-spawn@^7.0.3, which could resolve to 7.0.5.
Thus, this project's dependency on execa should be bumped to at least the earliest version that allows for [email protected] to be installed. The earliest version of execa that calls for cross-spawn@^7.0.0 is execa@^3.0.0.
The text was updated successfully, but these errors were encountered:
The
1.0.0version of theexecadependency has a dependency forcross-spawn@^6.0.0, but this version ofcross-spawnis insecure (CVE-2024-21538).The vulnerability is fixed in
[email protected]. Later versions ofexecado call forcross-spawn@^7.0.3, which could resolve to7.0.5.Thus, this project's dependency on
execashould be bumped to at least the earliest version that allows for[email protected]to be installed. The earliest version ofexecathat calls forcross-spawn@^7.0.0isexeca@^3.0.0.The text was updated successfully, but these errors were encountered: