Skip to content

There is a vulnerability in merge 1.2.1,upgrade recommended #2496

Open
Open
There is a vulnerability in merge 1.2.1,upgrade recommended#2496

Description

@QiAnXinCodeSafe
QiAnXinCodeSafe
opened on Aug 12, 2021

hig/acceptance/yarn.lock

Lines 6871 to 6873 in 8068083

merge@^1.2.0:
version "1.2.1"
resolved "https://registry.yarnpkg.com/merge/-/merge-1.2.1.tgz#38bebf80c3220a8a487b6fcfb3941bb11720c145"

CVE-2020-28499

Recommended upgrade version:2.1.1

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions