Sujay-shetty
commented
2 years ago @gdeluna-branch or @echo-branch could you please update this minor version of plist?
Closed Sujay-shetty closed 2 years ago
Sujay-shetty
commented
2 years ago @gdeluna-branch or @echo-branch could you please update this minor version of plist?
echo-branch
commented
2 years ago @Sujay-shetty If I'm not mistaken, you can clear the cached version in node_modules and reinstall. That should pick up the fixed version.
"plist": "^3.0.4" https://github.com/BranchMetrics/cordova-ionic-phonegap-branch-deep-linking-attribution/blob/master/package.json#L62
npm package.json docs https://github.com/npm/node-semver#caret-ranges-123-025-004
We will be working on a new release as well.
gdeluna-branch
commented
2 years ago Yes we'll aim to update this week. Thanks for the heads up @Sujay-shetty
JagadeeshKaricherla-branch
commented
2 years ago @Sujay-shetty : Our caret range should cover plist patch version.
2 ways to fix :
1) npm update plist
2) rm -rf the version in node_modules and re-install
Sujay-shetty
commented
2 years ago Hi @JagadeeshKaricherla-branch , I tried above way but it is referring to version 3.0.4 only, so latest version it is not picking. Due to which I have created this issue.
echo-branch
commented
2 years ago @Sujay-shetty Sorry for the delay, but 5.1.0 is now released.
Hi,
There is new critical Prototype Pollution vulnerability found in plist according to below CVE. https://github.com/advisories/GHSA-4cpg-3vgw-4877
which is fixed in plist version 3.0.5 (https://github.com/TooTallNate/plist.js/issues/114).
Could you please update branch-sdk package.json to use latest version of plist.
Thanks, Sujay