Open s-huh opened 2 years ago
Likewise, same problem with our application too. npm audit shows the issue as critical and our attempts to use npm-force-resolutions and npm audit fix combinations haven't yielded great results. We can get around it with npm-force-resolutions but that introduces other issues! If this can be fixed in the sumo package that would be ideal. Thanks.
Just linking to the open issue on superagent to update their dependency on formidable: https://github.com/visionmedia/superagent/issues/1725
I'll take a look and issue a patch release soon. Thanks for finding that out!
@bpolanczyk any updates on this? It would be great to be able to upgrade without forcing a local resolution. Thank you!
This is still flagging
Does anyone have a resolution for this?
We're getting this as a critical severity as of this morning: https://github.com/advisories/GHSA-8cp3-66vr-3r4c
I've also raised an issue with SuperAgent: https://github.com/ladjs/superagent/issues/1799
Hi, Snyk is identifying an Arbitrary File Upload vulnerability in my project (deemed as Critical) introduced through: sumo-logger@2.8.1 > superagent@7.1.3 > formidable@2.0.1. It seems to have been fixed in formidable@3.2.4. Are there any plans to update this dependency to eliminate this vulnerability?