Node.js Version
22.11.0
NPM Version
10.9.0
Operating System
windows
Subsystem
Other
Description
npm fixed a critical security vulnerability in version 10.9.1. The current LTS of nodejs and the next version 23.3.0 are in npm version 10.9.0.
Usually when nodejs will update the npm version. Also in the meantime the upgrade is done, is there any solution to handle this issue, like we need to manually upgrade to latest npm or upgrade just that library(cross-spawn) in nodejs.
npm/cli#7902
https://nvd.nist.gov/vuln/detail/CVE-2024-21538
Minimal Reproduction
No response
Output
No response
Before You Submit
Node.js Version
22.11.0
NPM Version
10.9.0
Operating System
windows
Subsystem
Other
Description
npm fixed a critical security vulnerability in version 10.9.1. The current LTS of nodejs and the next version 23.3.0 are in npm version 10.9.0.
Usually when nodejs will update the npm version. Also in the meantime the upgrade is done, is there any solution to handle this issue, like we need to manually upgrade to latest npm or upgrade just that library(cross-spawn) in nodejs.
npm/cli#7902
https://nvd.nist.gov/vuln/detail/CVE-2024-21538
Minimal Reproduction
No response
Output
No response
Before You Submit