Skip to content

Commit f96e322

Browse files
glennsartiglennsarti
committed
(maint) Pin event-stream due to malicious code
This commit pins the event-stream module due to a vulnerability. dominictarr/event-stream#116 As we only use this in gulp, pinning to an older version seems an adequate way of dealing with this.
1 parent aa5a201 commit f96e322

File tree

2 files changed

+125
-36
lines changed

2 files changed

+125
-36
lines changed

package-lock.json

Lines changed: 123 additions & 35 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -441,7 +441,8 @@
441441
"gulp-downloader": "^1.0.4",
442442
"gulp-decompress": "^2.0.2",
443443
"lodash": ">=4.17.5",
444-
"cryptiles": ">=4.1.2"
444+
"cryptiles": ">=4.1.2",
445+
"event-stream": "< 3.3.4"
445446
},
446447
"dependencies": {
447448
"vscode-languageclient": "5.1.0",

0 commit comments

Comments
 (0)