chergott closed 2 years ago
Any update?
@eriktrom Any chance to get this fixed? Thanks!
@eriktrom Friendly ping, can you look at this, thanks?
@eriktrom I would really appreciate if you could fix this. Thanks.
There's a PR to backport the fix to the 2.x branch on the async repo: https://github.com/caolan/async/pull/1828
Team, any status on this fix?
I think Kiskoza's comment already addressed this. You just need to update the patch version.
Dependabot opened https://github.com/http-party/node-portfinder/issues/126
portfinder is currently using async@^2.6.2, which has a known Prototype Pollution vulnerability.
async@^3.2.2 addresses this vulnerability.
Additional information:
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-43138
Snyk: https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827