Closed sgkim126 closed 5 years ago
stringstream below 0.0.6 has a vulnerability. https://hackerone.com/reports/321670 Actually, it would not affect our project because it appears node 4.x and below, but we specified the project to use node 10.0 and above. https://github.com/CodeChain-io/codechain-explorer/blob/d2f6dda828103b77c3170d47b6c49e7ff776248a/package.json#L12 But I think it's better to upgrade because we are using stringstream 0.0.5 and 0.0.6. I cannot find a reason to use two different versions of stringstream.
stringstream below 0.0.6 has a vulnerability. https://hackerone.com/reports/321670 Actually, it would not affect our project because it appears node 4.x and below, but we specified the project to use node 10.0 and above. https://github.com/CodeChain-io/codechain-explorer/blob/d2f6dda828103b77c3170d47b6c49e7ff776248a/package.json#L12 But I think it's better to upgrade because we are using stringstream 0.0.5 and 0.0.6. I cannot find a reason to use two different versions of stringstream.