skhilliard
commented
3 years ago Not seen any replies to this in several days. There has been recent activity for azure-storage....will this be patched also?
Thanks, Kelly
Closed skhilliard closed 3 years ago
skhilliard
commented
3 years ago Not seen any replies to this in several days. There has been recent activity for azure-storage....will this be patched also?
Thanks, Kelly
ramya-rao-a
commented
3 years ago Thanks for reporting @skhilliard
@lirenhe, @dw511214992,
Can you please update the dependency on underscore in both azure-common and azure-sb?
lirenhe
commented
3 years ago cc @nickzhums
dw511214992
commented
3 years ago @skhilliard please use the latest package. thanks
skhilliard
commented
3 years ago @dw511214992 Thank you, I have. I appreciate everyone's efforts in resolving this issue!
We are currently using the latest version (0.11.1) of the azure-sb library (https://www.npmjs.com/package/azure-sb). There is now an underscore vulnerability (via the paths azure-sb > underscore, azure-sb > azure-common > underscore) that needs to be addressed (https://npmjs.com/advisories/1674).
Are there any plans to update this library to patch this?
Thanks, Kelly