Closed jungdaniel closed 2 years ago
This library depends on ^1.2 which means all 1s. This change is not necessary I think
» npm i selfsigned --save
added 2 packages, and audited 3 packages in 1s
found 0 vulnerabilities
» cat package-lock.json | jq '.packages."node_modules/node-forge".version'
"1.3.0"
Anyway, I just updated the package-lock.json and removed the .2 from the package.json
node-forge@1.2.0 seems to contain vulnerabilities. More details:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773
Issues were addressed in node-forge@1.3.0.
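A fresh install resolves ^1.2 to 1.3.0, as the jq output above shows, but an existing lockfile can still pin 1.2.0. The following is an added example, not code from selfsigned or node-forge: it scans a parsed package-lock.json for node-forge entries below 1.3.0. The function names and both sample lockfiles are constructed for illustration.

```javascript
// Added example: flag node-forge installs older than the fixed release named in the issue.
const FIXED = [1, 3, 0];

// "1.2.0" -> [1, 2, 0]; any prerelease/build suffix is ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1).map(Number);
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

const isOld = (info) =>
  typeof info.version === "string" && lessThan(parseVersion(info.version), FIXED);

// Handles lockfileVersion 2/3 ("packages", keyed by install path) and
// lockfileVersion 1 (nested "dependencies"). Returns [{ path, version }].
function findVulnerableForge(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/node-forge") && isOld(info)) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "node-forge" && isOld(info)) hits.push({ path, version: info.version });
      walk(info.dependencies, `${path}/`);
    }
  };
  // v2 lockfiles carry both maps; walk "dependencies" only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed samples: a stale lock pinning a nested 1.2.0, and a fresh one at 1.3.0.
const staleLock = { lockfileVersion: 3, packages: {
  "": { name: "app" },
  "node_modules/selfsigned": { version: "0.0.0" },
  "node_modules/selfsigned/node_modules/node-forge": { version: "1.2.0" } } };
const freshLock = { lockfileVersion: 3, packages: {
  "node_modules/node-forge": { version: "1.3.0" } } };

console.log(findVulnerableForge(staleLock), findVulnerableForge(freshLock));
```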