Joshua Poore created FLAGON-423:
-----------------------------------
Summary: Update Package File to Fix Down Stream Dependencies
Key: FLAGON-423
URL: https://issues.apache.org/jira/browse/FLAGON-423
Project: Flagon
Issue Type: Sub-task
Components: UserALE.js
Affects Versions: UserALE.js 2.0.0, UserALE.js 2.0.1
Environment: node.js
Reporter: Joshua Poore
Assignee: Joshua Poore
Fix For: UserALE.js 2.0.1, UserALE.js 2.0.0
Because the Prototype Pollution vulnerability is so pervasive, npm is rolling
back their "immutable" registry policy to allow for fixes to previous versions
of ubiquitous dependencies (set-value, mixit, lodash). These fixes will bubble
up to existing versions of major userale.js dev dependencies (gulp, nodemon,
babel, etc., etc.). However, as the registry will accept changes to prior
versions of dependencies, the hashes on these dependencies will change. This
requires that we regenerate our package.json file.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
