Upgrade nodemon dependency to 1.18.7 to remove event-stream vulnerability #61
Comments
Thanks @M-Zuber and @mfolkeseth!
Thank you for bringing it to my attention, I am publishing a new release now.
Wow, that was quick @M-Zuber! Thanks 👍
As you're probably aware, event-stream ownership has been unintentionally transferred to a malicious user who injected a vulnerability in it.

npm-watch depends on nodemon ^1.12.1, which depends on event-stream. A few hours ago, nodemon released v.1.18.7, which completely removes the dependency from pstree and subsequently from event-stream.

Is there any chance to upgrade to nodemon 1.18.7, to completely remove event-stream from npm-watch as well? Thanks!
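
The dependency chain described in this issue can be checked mechanically. The following is an added example, not code from this thread or from the npm-watch or nodemon projects: it walks the `packages` map of an npm lockfile and reports every chain that pulls in a named package. The function names, the sample lockfiles and the installed versions in them are assumptions constructed for illustration.

```javascript
// Added example: list every chain that pulls `target` into an npm lockfile
// (lockfileVersion 2/3 "packages" map). Not code from npm-watch or nodemon.

// Node-style lookup: nearest node_modules first, then walk up to the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. skipped optional dep)
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

function findPaths(lock, target) {
  const packages = lock.packages || {};
  const found = [];
  const walk = (path, chain, seen) => {
    const pkg = packages[path];
    // devDependencies are only installed for the root project.
    const deps = Object.assign({}, pkg.dependencies, pkg.optionalDependencies,
      path === "" ? pkg.devDependencies : undefined);
    for (const name of Object.keys(deps)) {
      const next = resolveDep(packages, path, name);
      if (!next || seen.has(next)) continue; // missing, or a cycle
      const step = chain.concat(name + "@" + packages[next].version);
      if (name === target) found.push(step.join(" > "));
      else walk(next, step, new Set(seen).add(next));
    }
  };
  if (packages[""]) walk("", [packages[""].name || "(root)"], new Set([""]));
  return found;
}

// Constructed lockfiles mirroring the chain in the issue. Installed versions
// are sample values; pstree/event-stream versions are placeholders.
const lockBefore = { lockfileVersion: 2, packages: {
  "": { name: "npm-watch", dependencies: { nodemon: "^1.12.1" } },
  "node_modules/nodemon": { version: "1.12.1", dependencies: { pstree: "*" } },
  "node_modules/pstree": { version: "0.0.0-sample", dependencies: { "event-stream": "*" } },
  "node_modules/event-stream": { version: "0.0.0-sample" },
} };
const lockAfter = { lockfileVersion: 2, packages: {
  "": { name: "npm-watch", dependencies: { nodemon: "^1.18.7" } },
  "node_modules/nodemon": { version: "1.18.7", dependencies: {} },
} };

console.log(findPaths(lockBefore, "event-stream"));
console.log(findPaths(lockAfter, "event-stream"));
```

To run it against a real project, pass the parsed contents of `package-lock.json` as `lock`; an empty result means no installed package reaches the target.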