IBM / ibm-cos-sdk-js

Apache License 2.0

CVE-2023-46234 any plan to publish new version to fix this? #102

Closed jerrywang1981 closed 10 months ago

jerrywang1981 commented 10 months ago

https://github.com/advisories/GHSA-x9w5-v3q2-3rhw

Vulnerable Library - browserify-sign-4.2.1.tgz

It seemed ibm-cos-sdk depended on this package. Any plan to publish a new version to fix this problem?

IBMalok commented 10 months ago

@jerrywang1981 - The browserify-sign dependency package is always downloaded at the latest version because we don't specify any particular version for browserify-sign in package.json. Thus, there's no need to fix.

jerrywang1981 commented 10 months ago

@IBMalok thank you.
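
Which browserify-sign version a given install actually resolved can be read from its lockfile. The following is an added example, not code from this thread or from ibm-cos-sdk-js; it assumes an npm `package-lock.json` with lockfileVersion 2 or 3, and the sample lockfile, the `crypto-browserify` nesting and the minimum version `9.9.9` are constructed placeholders (take the real patched version from the advisory linked above).

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2 or 3) for every
// installed copy of one package and flag copies below a minimum version.

// Parse "major.minor.patch"; prerelease and build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` sorts strictly below `minimum`.
function isBelow(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Lockfile "packages" keys are install paths, so a package can appear both
// hoisted at the top level and nested under another dependency.
function findCopies(lock, name, minimum) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      outdated: isBelow(meta.version, minimum),
    }));
}

// Constructed sample lockfile; 4.2.1 is the version named in the issue,
// 9.9.9 is a placeholder, not a real release.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/browserify-sign": { version: "4.2.1" },
    "node_modules/crypto-browserify/node_modules/browserify-sign": { version: "9.9.9" },
  },
};

// Placeholder minimum; substitute the patched version from the advisory.
const PLACEHOLDER_MINIMUM = "9.9.9";
const report = findCopies(SAMPLE_LOCK, "browserify-sign", PLACEHOLDER_MINIMUM);
console.log(report);
```

To audit a real project, pass the parsed contents of its `package-lock.json` as the first argument.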