dwyl / smart-home-auth-server

The authorisation server for dwyl/smart-home-security-system
GNU General Public License v2.0

CVE-2020-7660: Fix is breaking change #23

Open th0mas opened 3 years ago

th0mas commented 3 years ago

I've tried to fix CVE-2020-7660 by bumping our JS dependency:

"serialize-javascript": ">=3.1.0"

Unfortunately this is a breaking change that prevents our app from building...

We definitely need to fix this before deploying our system to production.

Side note, learned not to push simple security fixes to master.....

nelsonic commented 3 years ago

@th0mas OK. Let's just leave this issue open for now until an upstream fix is available. (assuming we aren't using "serialize-javascript" directly in any of our code ...)
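
Added example (not code from this repository or its maintainers): the open question in the thread, whether `serialize-javascript` is a direct dependency or only pulled in transitively, and which resolved copies fall below the `>=3.1.0` bump, can be answered from the lockfile. This sketch assumes npm's v1 `package-lock.json` layout; `auditLock`, `isVulnerable`, `example-bundler-plugin` and the sample data are constructed for illustration.

```javascript
// Added example: audit an npm v1 package-lock.json for serialize-javascript.
// 3.1.0 is the minimum version from the ">=3.1.0" bump quoted in the issue.
const FIXED = [3, 1, 0];
// Compares major.minor.patch only; prerelease tags are ignored.
function isVulnerable(version) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const p = parts[i] || 0;
    if (p !== FIXED[i]) return p < FIXED[i];
  }
  return false; // exactly the fixed version
}

function auditLock(pkg, lock, name = 'serialize-javascript') {
  const direct = Boolean(
    (pkg.dependencies && pkg.dependencies[name]) ||
    (pkg.devDependencies && pkg.devDependencies[name]));
  const instances = [];  // every resolved copy in the tree
  const requiredBy = []; // packages that declare it, with their range
  (function walk(deps, path) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = path.concat(dep);
      if (dep === name) {
        instances.push({ path: here.join(' > '), version: info.version,
                         vulnerable: isVulnerable(info.version) });
      }
      if (info.requires && info.requires[name]) {
        requiredBy.push({ parent: dep, range: info.requires[name] });
      }
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return { direct, instances, requiredBy };
}

// Constructed sample data; "example-bundler-plugin" is a hypothetical package.
const samplePkg = { dependencies: { 'example-bundler-plugin': '^1.0.0' } };
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'example-bundler-plugin': {
      version: '1.0.0',
      requires: { 'serialize-javascript': '^2.1.2' },
      dependencies: { 'serialize-javascript': { version: '2.1.2' } }
    },
    'serialize-javascript': { version: '3.1.0' }
  }
};
console.log(JSON.stringify(auditLock(samplePkg, sampleLock), null, 2));
```

An entry in `requiredBy` whose range excludes 3.1.0 identifies the parent package that needs an upstream release before the nested copy can move.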