Commit

fix: use @snyk/configstore instead of configstore
Using a forked version of configstore to fix a prototype pollution in its dependency dot-prop present in versions < 5.1.0
jjmschofield committed Jan 31, 2020
1 parent 2c21f03 commit 93845d9
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -55,6 +55,7 @@
"license": "Apache-2.0",
"dependencies": {
"@snyk/cli-interface": "2.3.0",
"@snyk/configstore": "^3.2.0-rc1",
"@snyk/dep-graph": "1.13.1",
"@snyk/gemfile": "1.2.0",
"@snyk/snyk-cocoapods-plugin": "2.0.1",
Expand All @@ -64,7 +65,6 @@
"ansi-escapes": "3.2.0",
"chalk": "^2.4.2",
"cli-spinner": "0.2.10",
"configstore": "^3.1.2",
"debug": "^3.1.0",
"diff": "^4.0.1",
"git-url-parse": "11.1.2",
2 changes: 1 addition & 1 deletion src/lib/user-config.js
@@ -1,4 +1,4 @@
const Configstore = require('configstore');
const Configstore = require('@snyk/configstore');
const pkg = require(__dirname + '/../../package.json');
const config = new Configstore(pkg.name);
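Review bot: `require('@snyk/configstore')` on the first line of src/lib/user-config.js carries no comment saying why a fork is used, so a later cleanup could switch it back to upstream and reintroduce the dot-prop issue. Suggest a one-line comment naming the reason (prototype pollution in dot-prop < 5.1.0) and the condition for returning to upstream. The unchanged `new Configstore(pkg.name)` also assumes the fork keeps the upstream constructor and storage location; a test that reads a previously written config would confirm that.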
