Closed mltsy closed 2 months ago
Ah! This appears to be fixed in 1.4.4-beta.0 (although it's not noted in the tag description)
We will ship new version today. I checked and this SDK doesn't use the vulnerable package, because it doesn't support "IP" and "Hostname" strategies.
Describe the bug
This is the vulnerability: https://github.com/advisories/GHSA-2p57-rm9w-gvfp
It was fixed in unleash-client-node 5.5.4: https://github.com/Unleash/unleash-client-node/pull/622
Steps to reproduce the bug
No response
Expected behavior
No response
Logs, error output, etc.
No response
Screenshots
No response
Additional context
No response
Unleash version
5.6.6
Subscription type
Open source
Hosting type
Self-hosted
SDK information (language and version)
unleash-client-nextjs@1.4.3 (and possibly other dependents of unleash-client-node?)