Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NPM Vulnerabilities in dependency #302

Open
DJayFreshBlock opened this issue Jan 18, 2022 · 2 comments
Open

NPM Vulnerabilities in dependency #302

DJayFreshBlock opened this issue Jan 18, 2022 · 2 comments

Comments

@DJayFreshBlock
Copy link

node-rest-client project has been abandoned. It has a package dependency of debug.

debug vulnerability:
GHSA-gxpj-cx7g-858c

Was reported in node-rest-client aacerox/node-rest-client#193

npm audit output:

  node-rest-client  >=1.4.8
  Depends on vulnerable versions of debug
  node_modules/node-rest-client
    mangopay2-nodejs-sdk  *
    Depends on vulnerable versions of node-rest-client      
    node_modules/mangopay2-nodejs-sdk

package.json:

{
  ...
  "dependencies": {
    ...
    "mangopay2-nodejs-sdk": "^1.25.0",
    ...
  }
}
@fredericdelordm
Copy link
Contributor

Hello @DJayFreshBlock,

Thank you. We are already on it 😃 . We will you keep you updated when a fix is released.

@tenzerothree
Copy link

Hi @fredericdelordm is there any progress on this? It's been over a year and this is still an issue. #354

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tenzerothree @DJayFreshBlock @fredericdelordm