In our Aurelia v1 (1.3.1) project we see that aurelia-path has vulnerability:
How we could update this nested dependency without updating Aurelia to v2?
In our Aurelia v1 (1.3.1) project we see that aurelia-path has vulnerability:
How we could update this nested dependency without updating Aurelia to v2?
Just remove package-lock.json (or yarn.lock) and node_modules, then reinstall packages again.
To verify the version of any local package, you can do
npm ls aurelia-path
The latest version of aurelia-path is v1.1.7.