Closed jerrywang1981 closed 10 months ago
@jerrywang1981 - The browserify-sign dependencies package is always downloaded to the latest version because we don't specify any particular versions for the browserify-sign in package.json. Thus, there's no need to fix.
@IBMalok thank you.
https://github.com/advisories/GHSA-x9w5-v3q2-3rhw Vulnerable Library - browserify-sign-4.2.1.tgz
it seemed ibm-cos-sdk depended on this package, any plan to publish new version to fix this problem?