ShipEngine / shipengine-js

The official ShipEngine SDK for Javascript.

https://www.shipengine.com/docs/

Apache License 2.0

15 stars 10 forks source link

Dependency Node-Fetch Recently Identified CVE #168

Closed TwinkieLover closed 2 years ago

TwinkieLover commented 2 years ago

`npm audit

npm audit report

node-fetch <3.1.1 Severity: high node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g fix available via npm audit fix --force Will install shipengine@0.3.1, which is a breaking change node_modules/node-fetch shipengine >=1.0.0-alpha.1 Depends on vulnerable versions of node-fetch node_modules/shipengine`

fishcharlie commented 2 years ago

Pretty sure this isn't an issue anymore.