Update npm-run - it has security issue

Question

opened this issue 6 years ago · comments

Describe the bug
Actual version use npm-run v4 which has security issue because it uses sync-exec. https://nodesecurity.io/advisories/310

Please upgrade npm-run to v5

To Reproduce
run npm audit

Expected behavior
npm audit shouldnt find any security issues

Versions (please complete the following information):

Uri Goldshtein · Answer 1 · Wed Oct 30 2019 03:09:56 GMT+0800 (China Standard Time)

We have just released a new structure for GraphQL CLI in new alpha versions 4.0.0-alpha.XXX.

This was a complete rewrite and we've updated all the dependencies.

Can you please check it out and see if that issue is still relevant?

Checkout the new instructions and the migration guide on the docs and let us know your feedback.

Feel free to contact us by opening an issue or using our Discord channel;
https://discord.gg/xud7bH

Uri Goldshtein · Answer 2 · Wed Oct 30 2019 04:00:47 GMT+0800 (China Standard Time)

I've posted the wrong Discord link, this is the correct one: https://discord.gg/xud7bH9