Vulnerability chownr@1.0.1
trollepierre opened this issue · comments
Medium severity vuln found in chownr@1.0.1, introduced via cacache@11.2.0
Description: Time of Check Time of Use (TOCTOU)
Info: https://snyk.io/vuln/npm:chownr:20180731
From: cacache@11.2.0 > chownr@1.0.1
This problem has been reported in isaacs/chownr#14.
It's partially solved in 1.1.0
. But it still isn't completely gone.
Maybe cacache
can use new chownr
? 🤔
Any progress on this?