NilsBaumgartner1994 / NSFW-API

NodeJs Sequelize FrameWork API

Update lockfile to automatically remove the vulnerability introduced by date-and-time@0.13.1 #2

Open paimon0715 opened 3 years ago

paimon0715 commented 3 years ago

Hi, @NilsBaumgartner1994, I have reported a vulnerability in package @google-cloud/storage.

As far as I am aware, vulnerability CVE-2020-26289 detected in package date-and-time<0.14.2 is directly referenced by @google-cloud/storage@4.7.0, on which your package nsfw-api@1.0.58 transitively depends. As such, this vulnerability can also affect nsfw-api@1.0.58 via the following path: nsfw-api@1.0.58 ➔ firebase-admin@8.13.0 ➔ @google-cloud/storage@4.7.0 ➔ date-and-time@0.13.1 (vulnerable version)

Since @google-cloud/storage has released a new patched version @google-cloud/storage@4.7.2 to resolve this issue (@google-cloud/storage@4.7.2 ➔ date-and-time@0.14.2 (fix version)), this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path: nsfw-api@1.0.58 ➔ firebase-admin@8.13.0 ➔ @google-cloud/storage@4.7.2 ➔ date-and-time@0.14.2 (vulnerability fix version).

A warm tip.^_^
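As an added illustration, not part of this issue or of the nsfw-api project: a Node script that walks a lockfile-v1 style package-lock.json tree (the object here is constructed to mirror the dependency path above) and reports every copy of date-and-time resolved below the fixed version 0.14.2, together with the path that pulls it in. The `LOCKFILE` object and the `compareVersions` / `findVulnerable` helpers are assumed names, not project code.

```javascript
// Added example (not from the nsfw-api project): walk a lockfile-v1 style
// package-lock.json tree, find every installed copy of a package and flag
// the ones below the fixed version, reporting the dependency path.
// The lockfile below is constructed to mirror the path in the issue.
const LOCKFILE = {
  name: "nsfw-api", version: "1.0.58",
  dependencies: {
    "firebase-admin": {
      version: "8.13.0",
      dependencies: {
        "@google-cloud/storage": {
          version: "4.7.0",
          dependencies: { "date-and-time": { version: "0.13.1" } },
        },
      },
    },
  },
};

// Compare two dotted numeric versions: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return every occurrence of `pkg` in the tree below `fixedVersion`, each with
// the chain of name@version entries from the root package down to it.
function findVulnerable(lock, pkg, fixedVersion) {
  const hits = [];
  const walk = (node, path) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const here = path.concat(`${name}@${dep.version}`);
      if (name === pkg && compareVersions(dep.version, fixedVersion) < 0) {
        hits.push({ version: dep.version, path: here.join(" -> ") });
      }
      walk(dep, here); // nested installs can differ from a hoisted top-level copy
    }
  };
  walk(lock, [`${lock.name}@${lock.version}`]);
  return hits;
}

// Re-running this after `npm update` regenerates the lockfile should return [].
console.log(findVulnerable(LOCKFILE, "date-and-time", "0.14.2"));
```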

NilsBaumgartner1994 commented 3 years ago

Oh thank you very much :-) this dependency isn’t used but I will remove it.

Best regards, Nils Baumgartner
