Old googleapis dependency with vulnerabilities

actions-on-google / actions-on-google-nodejs

Node.js client library for Actions on Google

https://actions-on-google.github.io/actions-on-google-nodejs

Apache License 2.0

900 stars 197 forks source link

Old googleapis dependency with vulnerabilities #341

Closed rullan939 closed 4 years ago

rullan939 commented 4 years ago

Doing 'npm audit' in the project reports 1 high severity vulnerability:

High │ Improper Authorization Package │ googleapis Patched in │ >=38.0.0 Dependency of │ actions-on-google Path │ actions-on-google > googleapis More info │ https://npmjs.com/advisories/791

Fleker commented 4 years ago

We're aware of this. @Canain is working on an update.

Canain commented 4 years ago

Thanks for the issue!

This is now fixed with 0fe8d10ac0e7077ecb037cd2a3c96b4ae06d2639 in 2.9.1.