-
It appears that issue #192 was incorrectly closed as there is still currently an issue with said dependency.
Please can this be resolved to remove this vulnerability?
### Which SDK version are y…
-
At @agoric, we’ve begun investigating how compatible CosmJS is with [SES](https://github.com/Agoric/SES-shim/tree/master/packages/ses#secure-ecmascript-ses) such that projects using CosmJS can use too…
-
We did some extensive checking in @quenktechnologies/noni. This library may also be susceptible since it does a lot of object manipulation.
-
`npm audit` reports the following:
```
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ …
```
-
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, thi…
-
Client-Side Prototype Pollution (I will refer to it as PP) is increasing. For example, [this](https://github.com/BlackFan/client-side-prototype-pollution) shows many libraries are vulnerable to PP just by pa…
-
This package uses cheerio ^0.22.0 and cheerio uses lodash.merge@4.6.1. Snyk has reported a vulnerability: https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173732
Steps to reproduce the behavior:
Run the s…
-
**Describe the bug**
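First of all, thank you for sharing this great open source project. I am running into the problem below and am working on resolving it.
I get a dependency error when running npm install :(
Could you share which npm version you used? I have only used Python, so npm is new to me and I am struggling with package installation.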
package-lo…
-
[xml2js is vulnerable to prototype pollution](https://github.com/advisories/GHSA-776f-qx25-q3cc)
It appears to only be used by fast-xml-parser, currently at 3.21.0 in @esri/hub-common. The latest v…
-
## Overview
Affected versions of this package are vulnerable to Prototype Pollution. An attacker can manipulate the prototype of an object, potentially leading to the alteration of behavior of all …