SumoLogic / js-sumo-logger

Sumo Logic JavaScript SDK for Logging
Apache License 2.0
45 stars 25 forks

Snyk vulnerability through formidable dependency #124

Open s-huh opened 2 years ago

s-huh commented 2 years ago

Hi, Snyk is identifying an Arbitrary File Upload vulnerability in my project (deemed as Critical) introduced through: sumo-logger@2.8.1 > superagent@7.1.3 > formidable@2.0.1. It seems to have been fixed in formidable@3.2.4. Are there any plans to update this dependency to eliminate this vulnerability?

JamesIrish commented 2 years ago

Likewise, same problem with our application too. npm audit shows the issue as critical and our attempts to use npm-force-resolutions and npm audit fix combinations haven't yielded great results. We can get around it with npm-force-resolutions but that introduces other issues! If this can be fixed in the sumo package that would be ideal. Thanks.

JamesIrish commented 2 years ago

Just linking to the open issue on superagent to update their dependency on formidable: https://github.com/visionmedia/superagent/issues/1725

bpolanczyk commented 2 years ago

I'll take a look and issue a patch release soon. Thanks for finding that out!

scottdickerson commented 1 year ago

@bpolanczyk any updates on this? it would be great to be able to upgrade without forcing a local resolution. Thank you!

markhughes commented 5 months ago

This is still flagging

domcorso-nib commented 2 months ago

Does anyone have a resolution for this?

We're getting this as a critical severity as of this morning: https://github.com/advisories/GHSA-8cp3-66vr-3r4c

I've also raised an issue with SuperAgent: https://github.com/ladjs/superagent/issues/1799
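The chain in the first comment (sumo-logger > superagent > formidable) and the transitive-pinning workaround discussed above can be checked mechanically. The script below is an added example, not code from js-sumo-logger or from anyone in this thread: it walks a package-lock.json in the lockfileVersion 2/3 layout (the `packages` map keyed by install path), reproduces Node's nearest-`node_modules` resolution to find every chain that reaches a target package, flags copies below the fixed version, and emits the package.json `overrides` entry (honoured by npm 8.3 and later) that pins it. The two lock-file objects are constructed for illustration; the "3.2.4" floor is the fixed version named in the first comment.

```javascript
// Added example (not part of js-sumo-logger): audit a package-lock.json for a
// vulnerable transitive dependency and compute the npm "overrides" pin for it.

const FIXED_FORMIDABLE = '3.2.4'; // fixed version reported in the thread

// Constructed sample lock file mirroring the reported chain
// sumo-logger@2.8.1 > superagent@7.1.3 > formidable@2.0.1.
const sampleLock = {
  name: 'my-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', dependencies: { 'sumo-logger': '^2.8.1' } },
    'node_modules/sumo-logger': { version: '2.8.1', dependencies: { superagent: '^7.1.3' } },
    'node_modules/superagent': { version: '7.1.3', dependencies: { formidable: '^2.0.1' } },
    'node_modules/formidable': { version: '2.0.1' },
  },
};

// Constructed sample after pinning: superagent gets a nested copy of the fixed
// formidable, so resolution must look in the nested node_modules first.
const patchedLock = {
  name: 'my-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', dependencies: { 'sumo-logger': '^2.8.1' } },
    'node_modules/sumo-logger': { version: '2.8.1', dependencies: { superagent: '^7.1.3' } },
    'node_modules/superagent': { version: '7.1.3', dependencies: { formidable: '^2.0.1' } },
    'node_modules/superagent/node_modules/formidable': { version: '3.2.4' },
  },
};

// Read a real lock file; only needed outside the embedded samples.
function loadLock(path) {
  const fs = require('fs');
  return JSON.parse(fs.readFileSync(path, 'utf8'));
}

// Compare plain x.y.z versions; a pre-release suffix is ignored, which is
// enough for a "below the fixed release" check.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Node resolution for a dependency declared by the package installed at
// fromPath: try the nearest node_modules, then walk up towards the root.
function resolveDep(lock, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + depName;
    if (lock.packages[candidate]) return candidate;
    if (base === '') return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Depth-first walk from the root package; returns every chain of
// "name@version" strings that ends at the target. The seen set stops cycles.
function findDependencyChains(lock, target) {
  const chains = [];
  function walk(path, chain, seen) {
    const pkg = lock.packages[path];
    if (!pkg) return;
    for (const depName of Object.keys(pkg.dependencies || {})) {
      const depPath = resolveDep(lock, path, depName);
      if (!depPath || seen.has(depPath)) continue;
      const next = chain.concat(depName + '@' + lock.packages[depPath].version);
      if (depName === target) chains.push(next);
      else walk(depPath, next, new Set(seen).add(depPath));
    }
  }
  walk('', [], new Set(['']));
  return chains;
}

// One finding per chain plus the package.json "overrides" entry that pins the
// target at or above the fixed version for every dependant.
function auditTransitive(lock, target, fixedVersion) {
  const findings = findDependencyChains(lock, target).map((chain) => {
    const version = chain[chain.length - 1].split('@').pop();
    return { chain: chain.join(' > '), version, vulnerable: compareVersions(version, fixedVersion) < 0 };
  });
  return {
    target,
    fixedVersion,
    findings,
    vulnerable: findings.some((f) => f.vulnerable),
    overrides: { [target]: '>=' + fixedVersion },
  };
}

// Run against the embedded sample; replace sampleLock with
// loadLock('./package-lock.json') to audit a real project.
console.log(JSON.stringify(auditTransitive(sampleLock, 'formidable', FIXED_FORMIDABLE), null, 2));
```

The `overrides` object the report prints goes into the application's package.json, after which `npm install` rewrites the lock file and `npm ls formidable` should show only the pinned version; rerun the script on the new lock file to confirm no chain still resolves to a copy below the fixed release. Note that an override forces a major-version jump on a dependency superagent was not written against, which is the kind of breakage the thread mentions, so the fix belongs upstream and the pin is a stopgap.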