There is no 4.1.1 on npm

Question

xPaw opened this issue 4 years ago · comments

warning mocha > yargs-unparser > flat@4.1.0: Fixed a prototype pollution security issue in 4.1.0, please upgrade to ^4.1.1 or ^5.0.1.

Will fix

Fixed

DevRCRun · Answer 1 · Mon Sep 21 2020 16:07:22 GMT+0800 (China Standard Time)

Same is true of 4.1.2

Waldemar Neto · Answer 2 · Wed Sep 23 2020 17:40:38 GMT+0800 (China Standard Time)

same here, any news?

Filipp Riabchun · Answer 3 · Wed Oct 14 2020 01:57:03 GMT+0800 (China Standard Time)

@timoxley can you please comment on that?

Tim Kevin Oxley · Answer 4 · Wed Oct 14 2020 23:24:30 GMT+0800 (China Standard Time)

Fixed. My bad, pushed tag to github but didn't publish to npm. 4.1.1 published + all other versions with previous prototype pollution fix.

Same is true of 4.1.2

There was never a 4.1.2.

Avi Vahl · Answer 5 · Thu Oct 15 2020 02:33:16 GMT+0800 (China Standard Time)

@timoxley latest now points to 3.0.1 instead of 5.0.2 :o

Tim Kevin Oxley · Answer 6 · Thu Oct 15 2020 08:22:31 GMT+0800 (China Standard Time)

Ugh I thought npm fixed that so it wouldn't update the latest tag to an older version. Maybe I just dreamed that.