Closed RTurek closed 10 months ago
Need this fixed ASAP. Can't use this package in production environments that need to pass security reviews (like for getting an application approved for Google integration).
The issue has been around for over a month, please prioritize this.
filestack-js (and thus filestack-react and any other libs that depend on filestack-js) has a security vulnerability due to a JavaScript dependency. The fast-xml-parser library needs to be upgraded.

Expected Behavior
No security alerts on GitHub or other vulnerability scanners should be triggered by filestack-js and filestack-react's dependency on fast-xml-parser.
Current Behavior
Security alert shows up because of the vulnerability in the older version of fast-xml-parser.
Possible Solution
Upgrade "fast-xml-parser": "^3.16.0" to "fast-xml-parser": "^4.2.4"
Additional Screenshots & Documentation
Regex Issue
https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw
https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-5668858
https://vulners.com/github/GHSA-6W63-H3FJ-Q4VW
Prototype Pollution issue
https://github.com/advisories/GHSA-x3cc-x39p-42qx
Context
All users of this library will be impacted by this.
Your Environment
All environments are impacted by this.
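Checking a project for the outdated dependency the report describes, as an added example that is not part of the issue or of the filestack-js project: the script walks a package-lock.json "packages" map, flags every fast-xml-parser install below the 4.2.4 the report asks for, and reports which package nested it. The lockfile fragment is constructed sample data; the filestack-js and filestack-react versions in it are placeholders.

```javascript
// Added example (not from the issue or from filestack-js): find copies of
// fast-xml-parser older than the fixed release inside a package-lock.json
// (lockfileVersion 2/3 "packages" map) and show which dependency nested them.

const VULNERABLE_PKG = "fast-xml-parser";
const FIXED_VERSION = "4.2.4";

// Strip a leading "v"/"^"/"~" and any prerelease or build suffix, then
// return [major, minor, patch] as numbers.
function parseVersion(v) {
  const core = v.replace(/^[v^~]/, "").split(/[-+]/)[0];
  return core.split(".").map((n) => parseInt(n, 10) || 0);
}

// Numeric comparison so that 4.10.0 is correctly newer than 4.2.4.
function isOlderThan(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if ((x[i] || 0) !== (y[i] || 0)) return (x[i] || 0) < (y[i] || 0);
  }
  return false;
}

// Lockfile keys are node_modules paths, e.g.
// "node_modules/filestack-js/node_modules/fast-xml-parser".
function findVulnerableInstalls(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + VULNERABLE_PKG)) continue;
    if (!isOlderThan(meta.version, FIXED_VERSION)) continue;
    // Packages that nested this copy, outermost first (e.g. ["filestack-js"]).
    const chain = path.split("node_modules/").map((s) => s.replace(/\/$/, "")).filter(Boolean);
    chain.pop(); // drop the vulnerable package itself
    findings.push({ path, version: meta.version, via: chain });
  }
  return findings;
}

// Constructed sample lockfile; filestack-* versions are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { "filestack-react": "*" } },
    "node_modules/filestack-react": { version: "0.0.0-placeholder" },
    "node_modules/filestack-js": { version: "0.0.0-placeholder" },
    "node_modules/filestack-js/node_modules/fast-xml-parser": { version: "3.16.0" },
    "node_modules/fast-xml-parser": { version: "4.2.4" }, // hoisted, fixed copy
  },
};

console.log(JSON.stringify(findVulnerableInstalls(sampleLock), null, 2));
```

Only the copy nested under filestack-js is reported; the hoisted 4.2.4 copy passes, which is why a top-level upgrade alone does not clear the alert until filestack-js itself bumps its range.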