npm audit issue for @commitlint/config-conventional (dot-prop)

We have encountered an npm audit issue regarding @commitlint/config-conventional

It is understood that the version fix is already in master but is yet to be published. https://github.com/conventional-changelog/commitlint/commit/44144ca7ac2b8e748e717f2dc6be2c5b1ea1f124

Expected Behavior

Has no/low npm audit issue.

Current Behavior

Version 9.1.2 is having the npm audit issue.

Affected packages

  • cli
  • core
  • prompt
  • config-angular

Possible Solution

Steps to Reproduce (for bugs)

  1. First step
  2. Second step
commitlint.config.js

```js
```

Context

Affecting our CI flow with npm audit checks. The advisory was published 29 July 2020.

Your Environment

| Executable | Version |
| --- | --- |
| `commitlint --version` | VERSION |
| `git --version` | VERSION |
| `node --version` | 10.16.0 |

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 11
  • Comments: 9

Top GitHub Comments

12 reactions
escapedcat commented, Aug 16, 2020

We’ll switch next to latest soon and create a new next from current master.
This duplicates/relates to #2032 (Edit: it does not)

4 reactions
jfaylon commented, Jul 30, 2020

Thank you 😃 looking forward to it 😃
