hacksparrow / safe-eval

Safer version of eval()

safe-eval shows High and Critical #20

Open shirshandu opened 4 years ago

shirshandu commented 4 years ago

Found 2 vulnerabilities (1 high, 1 critical)

Any thoughts on it?

In package.json: "safe-eval": "^0.4.1",

shirshandu commented 4 years ago

safe-eval

slonkazoid commented 4 years ago

That vulnerability was fixed in 2017. @hacksparrow, will you update the npm advisories?

lcnvdl commented 4 years ago

I'm still having this vulnerability too in the latest version. My temporary solution was:

npm i --save https://github.com/hacksparrow/safe-eval.git

alechash commented 3 years ago

Are there any updates on this issue?

jackHedaya commented 3 years ago

I'm getting these same warnings from GitHub's Dependabot using 0.4.1. Does the master branch have the release ready and it just needs to be deployed, or is this still an unsolved issue?