Closed GerhardSundt closed 1 year ago
If I'm correct we need an update from the https://github.com/joeferner/node-http-mitm-proxy package. The issue has been fixed but not released yet. Others and I asked the owner to release the fix:
Should be fixed with an override in homebridge-daikin-cloud@1.2.1
npm i homebridge-daikin-cloud returns 4 vulnerabilities (3 moderate and one high). The plugin will not start. Using npm audit report, the following report shows up:
npm audit report

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
No fix available
node_modules/node-forge
  http-mitm-proxy
  Depends on vulnerable versions of node-forge
  node_modules/http-mitm-proxy
    daikin-controller-cloud
    Depends on vulnerable versions of http-mitm-proxy
    node_modules/daikin-controller-cloud
      homebridge-daikin-cloud  *
      Depends on vulnerable versions of daikin-controller-cloud
      node_modules/homebridge-daikin-cloud

4 vulnerabilities (3 moderate, 1 high)

Some issues need review, and may require choosing a different dependency.
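
Added example (not part of the original issue or the plugin's code): tracing the dependency chain from `npm audit --json` output to find the package an override has to target. The `sampleReport` object is constructed from the text report above, its field layout assumes npm's audit report version 2, and the function names are hypothetical.

```javascript
// Constructed sample: the chain from the text report, in `npm audit --json` (v2) shape.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "node-forge": {
      name: "node-forge", severity: "high", isDirect: false, range: "<=1.2.1",
      via: [{ title: "Open Redirect in node-forge",
              url: "https://github.com/advisories/GHSA-8fr3-hfg3-gpgp" }],
      effects: ["http-mitm-proxy"], fixAvailable: false },
    "http-mitm-proxy": { name: "http-mitm-proxy", isDirect: false,
      via: ["node-forge"], effects: ["daikin-controller-cloud"], fixAvailable: false },
    "daikin-controller-cloud": { name: "daikin-controller-cloud", isDirect: false,
      via: ["http-mitm-proxy"], effects: ["homebridge-daikin-cloud"], fixAvailable: false },
    "homebridge-daikin-cloud": { name: "homebridge-daikin-cloud", isDirect: true,
      via: ["daikin-controller-cloud"], effects: [], fixAvailable: false },
  },
};

// Root causes carry advisory objects in `via`; dependents only carry package names.
function rootCauses(report) {
  return Object.values(report.vulnerabilities)
    .filter((v) => v.via.some((x) => typeof x === "object"));
}

// Follow `effects` upward from a package to each top-level dependent (cycle-safe).
function chainsFrom(report, name, seen = [name]) {
  const next = (report.vulnerabilities[name]?.effects ?? [])
    .filter((e) => !seen.includes(e));
  if (next.length === 0) return [seen];
  return next.flatMap((e) => chainsFrom(report, e, [...seen, e]));
}

// Map a "<=X" vulnerable range to the override range ">X"; null means review by hand.
function overridesFor(report) {
  const overrides = {};
  for (const v of rootCauses(report)) {
    const m = /^<=\s*(\d+\.\d+\.\d+)$/.exec(v.range ?? "");
    overrides[v.name] = m ? `>${m[1]}` : null;
  }
  return overrides;
}

for (const root of rootCauses(sampleReport)) {
  for (const chain of chainsFrom(sampleReport, root.name)) {
    console.log([...chain].reverse().join(" > "));
  }
}
console.log(JSON.stringify({ overrides: overridesFor(sampleReport) }, null, 2));
```

Only `node-forge` carries advisories; the other three entries are flagged because they pull it in, which is why a single override on `node-forge` clears all four findings.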