Mangopay / mangopay2-nodejs-sdk

Node.js SDK for MANGOPAY
https://www.npmjs.com/package/mangopay2-nodejs-sdk
MIT License

NPM Vulnerabilities in dependency #302

Open DJayFreshBlock opened 2 years ago

DJayFreshBlock commented 2 years ago

node-rest-client project has been abandoned. It has a package dependency of debug.

debug vulnerability: https://github.com/advisories/GHSA-gxpj-cx7g-858c

Was reported in node-rest-client https://github.com/aacerox/node-rest-client/issues/193

npm audit output:

  node-rest-client  >=1.4.8
  Depends on vulnerable versions of debug
  node_modules/node-rest-client
    mangopay2-nodejs-sdk  *
    Depends on vulnerable versions of node-rest-client      
    node_modules/mangopay2-nodejs-sdk

package.json:

{
  ...
  "dependencies": {
    ...
    "mangopay2-nodejs-sdk": "^1.25.0",
    ...
  }
}
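
The chain in the npm audit output above (mangopay2-nodejs-sdk, then node-rest-client, then debug) can be traced directly from a lockfile. The following is an added example, not part of the original issue or the SDK's code; `resolveDep`, `findChains` and `sampleLock` are hypothetical names, and the sample lockfile with its version strings is constructed.

```javascript
// Added example (not from the issue or the SDK): list every dependency chain
// that pulls a package in, using the "packages" map of package-lock.json v2/v3.

// Resolve `name` the way Node does from the package installed at `fromPath`:
// <fromPath>/node_modules/<name> first, then each enclosing package, then root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return each chain from the root project to `target` as ["name@version", ...].
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, names, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolveDep(packages, path, name);
      if (next === null || seen.has(next)) continue; // not installed, or a cycle
      const chain = [...names, name + "@" + packages[next].version];
      if (name === target) chains.push(chain);
      else walk(next, chain, new Set(seen).add(next));
    }
  };
  if (packages[""]) walk("", [], new Set([""]));
  return chains;
}

// Constructed sample lockfile: version strings are placeholders, and only the
// "^1.25.0" range comes from the issue's package.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "mangopay2-nodejs-sdk": "^1.25.0", debug: "*" } },
    "node_modules/mangopay2-nodejs-sdk": { version: "0.0.0-sample", dependencies: { "node-rest-client": "*" } },
    "node_modules/node-rest-client": { version: "0.0.0-sample", dependencies: { debug: "*" } },
    "node_modules/node-rest-client/node_modules/debug": { version: "0.0.0-nested" },
    "node_modules/debug": { version: "0.0.0-hoisted" },
  },
};

for (const chain of findChains(sampleLock, "debug")) console.log(chain.join(" > "));
```

On a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`; `npm ls debug` prints the equivalent tree from the CLI.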

fredericdelordm commented 2 years ago

Hello @DJayFreshBlock,

Thank you. We are already on it 😃. We will keep you updated when a fix is released.

tenzerothree commented 1 year ago

Hi @fredericdelordm is there any progress on this? It's been over a year and this is still an issue. https://github.com/Mangopay/mangopay2-nodejs-sdk/issues/354