Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Upgrade blessed-contrib dep to latest 4.9.0 to avoid indirect vulnerabilities
See original GitHub issuePrerequisites
- I have written a descriptive issue title
- I have searched existing issues to ensure it has not already been reported
Fastify version
2.13.0
Plugin version
No response
Node.js version
14
Operating system
macOS
Operating system version (i.e. 20.04, 11.3, 10)
10.15.7
Description
The current version of the blessed-contrib dependency has some indirect vulnerabilities, so I went ahead with releasing a new version (4.9.0) with those indirect deps on blessed-contrib up to date now.
Note: the vulnerabilities by these indirect dependencies probably have no real impact on the project, but it’s nicer to stay on an updated version of deps and those that don’t introduce any issues.
Steps to Reproduce
Scan the project for vulnerabilities
Expected Behavior
No vulnerabilities reported for dependencies used by fastify-cli
Issue Analytics
- State:
- Created 2 years ago
- Comments:9 (9 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I maintain
blessed-contrib, let me check what’s the issue there.Just ran
npm audit fixon myfastify-openapi-gluepackage which depends onfastify-cli. This installedblessed-contrib@4.11.0. Runningnpm testafter that produced no errors with 100% code coverage.Fastify-cli itself has dependabot active so
blessed-contrib@4.11.0will automatically be picked up, tested and merged on succesfull test. (e.g. see https://github.com/fastify/fastify-cli/pull/459)@lirantal thanks for the fix !