As reported by npm audit and confirmed by Snyk, the latest version of tabtab has a dependency on the inquirer package, with version 6.5.2 being the most recent version that satisfies the package.json requirement of ^6.0.0. That version of inquirer in turn is potentially vulnerable via its dependencies, so the recommendation is to upgrade to inquirer@7.0.5.
Although it is a major version bump, please consider updating the dependency from ^6.0.0 to ^7.0.0. I don't know if that introduces any backwards incompatibility problems, but releasing a new tabtab version 4.0.0 would be a reasonable resolution if necessary. Thank you in advance for anything you can do to address this vulnerability warning.
As reported by
npm auditand confirmed by Snyk, the latest version oftabtabhas a dependency on theinquirerpackage, with version6.5.2being the most recent version that satisfies thepackage.jsonrequirement of^6.0.0. That version ofinquirerin turn is potentially vulnerable via its dependencies, so the recommendation is to upgrade toinquirer@7.0.5.Although it is a major version bump, please consider updating the dependency from
^6.0.0to^7.0.0. I don't know if that introduces any backwards incompatibility problems, but releasing a newtabtabversion4.0.0would be a reasonable resolution if necessary. Thank you in advance for anything you can do to address this vulnerability warning.