Closed shernaz closed 11 months ago
Hi @shernaz , this change is not required the dependency is:
"node-forge": "^1"
which includes all minors and patches releases
Hi, node-forge
maintainer here. It would be good to apply this. If there are any API issues with upgrading, I'm happy to help address them. I'm pretty sure the security issues addressed in recent versions don't effect the APIs used here. But the dependency warnings they cause get shown to everyone regardless. That can cause some confusion that would best be fixed by the upgrade here. Thanks.
I am trying to use the
storybook-addon-playroom
which has dependencies onselfsigned
. We have a security tool that checks for vulnerabilities and we see that the existing version ofnode-forge
used currently poses the vulnerabilities below.https://security.snyk.io/vuln/SNYK-JS-NODEFORGE-2430337 https://security.snyk.io/vuln/SNYK-JS-NODEFORGE-2430339 https://security.snyk.io/vuln/SNYK-JS-NODEFORGE-2430341
Updated the
node-forge
dependency to1.3.1
.I have made a fix and made sure all the test cases in
selfsigned
passes. It would be of great help if you could please look into this and expedite the process. Thanks in advance. @jfromaniello Please let me know if anything else if needed from my end.