update the lockfile to automatically remove the high severity vulnerability introduced in @haul-bundler/core

Hi, @zamotany, I have reported a [vulnerability issue](https://snyk.io/vuln/SNYK-JS-TREEKIT-1077068) in package **terminal-kit**.

As far as I am aware, vulnerability(high severity) [**SNYK-JS-TREEKIT-1077068**](https://snyk.io/vuln/SNYK-JS-TREEKIT-1077068) detected in package **tree-kit(<0.7.0)** is directly referenced by  **terminal-kit@1.49.3**, on which your package **@haul-bundler/core@0.23.0** directly depends. As such, this vulnerability can also affect **@haul-bundler/core@0.23.0** via the following path:
`@haul-bundler/core@0.23.0 ➔ terminal-kit@1.49.3 ➔ tree-kit@0.6.2(vulnerable version)`

Since **terminal-kit** has released a new patched version **terminal-kit@1.49.4** to resolve this issue (**terminal-kit@1.49.4 ➔ tree-kit@0.7.0(fix version)**), then this vulnerability patch can be automatically propagated into your project only if you **update your lockfile**. The following is your [**new dependency path**](https://npmgraph.js.org/?q=%40haul-bundler%2Fcore%400.23.0) :
`@haul-bundler/core@0.23.0 ➔ terminal-kit@1.49.4 ➔ tree-kit@0.7.0(vulnerability fix version)`.

![dependency path](https://user-images.githubusercontent.com/86952306/130203044-4614ec61-703c-450a-b6fa-2b93e7047e36.png)



A warm tip.^_^
Best regards,


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update the lockfile to automatically remove the high severity vulnerability introduced in @haul-bundler/core #765

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

update the lockfile to automatically remove the high severity vulnerability introduced in @haul-bundler/core #765

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions