Skip to content

1 high severity vulnerability #4

Open
Open
1 high severity vulnerability#4
@hamoid

Description

@hamoid
hamoid
opened on Nov 7, 2020

npm install complains about this:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution in node-forge                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ node-forge                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 0.10.0                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ parcel-bundler                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ parcel-bundler > node-forge                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1561                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Thanks for sharing, nice effects!

I wish it was written in plain JS though, without any dependencies. Currently it's almost 10000 lines of javascript (>300Kb) when it could be just a few lines of code.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions