high severity vulnerability
cupidchan opened this issue · comments
This has a dependency
└─┬ superstatic@6.0.4
└─┬ update-notifier@2.5.0
└─┬ configstore@3.1.2
└── dot-prop@4.2.0
and dot-prop has a high severity vulnerability: https://npmjs.com/advisories/1213 The function set does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. The remediation is to upgrade to version 5.1.1 or later.
If we upgrade update-notifier to 4.1.0, the downstream dependency should be updated with the high severity vulnerability fixed.
This should be resolved now. Thanks!