SumoLogic / js-sumo-logger

Sumo Logic JavaScript SDK for Logging
Apache License 2.0

Critical Vulnerability Due to Formidable <3.2.4 #136

Open domcorso-nib opened 2 months ago

domcorso-nib commented 2 months ago

When using sumo-logger we are seeing a critical vulnerability on formidable <3.2.4 which is a dependency of superagent: https://github.com/advisories/GHSA-8cp3-66vr-3r4c

I've raised an issue with SuperAgent and they have updated to version 9 which now uses formidable@^3.5.1. This fixes the vulnerability report: https://github.com/ladjs/superagent/pull/1800

Is there any chance sumo-logger can be updated to use superagent@^9.0.1?
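A way to check whether a project's lockfile still resolves a formidable copy below the 3.2.4 floor named in this issue, as an added example that is not part of the original post or the sumo-logger project. The lockfile excerpt is constructed, the sumo-logger and superagent versions in it are placeholders, and the function names are hypothetical.

```javascript
// Constructed sample: trimmed "packages" map in package-lock.json v2/v3 shape.
// The sumo-logger and superagent versions are placeholders, not real pins.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/sumo-logger": { version: "0.0.0-sample" },
    "node_modules/superagent": { version: "0.0.0-sample" },
    "node_modules/superagent/node_modules/formidable": { version: "2.1.2" },
    "node_modules/formidable": { version: "3.5.1" },
  },
};

// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` sorts strictly below `floor`.
function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  if (!a || !b) return true; // unparseable entry: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// List every installed copy of `name` below `floor`. `nestedUnder` is the
// chain of packages whose node_modules directory holds the copy; it is empty
// for a hoisted top-level copy, where the lockfile path does not name a parent.
function findAffected(lock, name, floor) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const chain = path
      .split("node_modules/")
      .slice(1)
      .map((s) => s.replace(/\/$/, ""));
    if (chain[chain.length - 1] !== name) continue;
    if (isBelow(info.version, floor)) {
      hits.push({ path, version: info.version, nestedUnder: chain.slice(0, -1) });
    }
  }
  return hits;
}

console.log(findAffected(sampleLock, "formidable", "3.2.4"));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.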

tomstrong64 commented 2 months ago

Created a pull request for this :+1:

kvaidy01 commented 2 months ago

We are also facing the same issue. Can this be looked at as a priority?

tomstrong64 commented 2 months ago

@bpolanczyk can you review the merge request?

allicanseenow commented 1 month ago

Any update on this?