https://bugzilla.redhat.com/show_bug.cgi?id=2060615
--- Comment #5 from Mauro Matteo Cascella <mcascell(a)redhat.com> ---
npm-lockfile v1 shipped in RHEL is not affected by this CVE as it doesn't
include the vulnerable code (i.e., support for `only` parameter).
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2060615