jfromaniello / selfsigned

Generate self-signed certificates from node.js
MIT License
237 stars 53 forks

update node-forge dependency version #58

Closed shernaz closed 11 months ago

shernaz commented 2 years ago

I am trying to use the storybook-addon-playroom which has dependencies on selfsigned. We have a security tool that checks for vulnerabilities and we see that the existing version of node-forge used currently poses the vulnerabilities below.

https://security.snyk.io/vuln/SNYK-JS-NODEFORGE-2430337
https://security.snyk.io/vuln/SNYK-JS-NODEFORGE-2430339
https://security.snyk.io/vuln/SNYK-JS-NODEFORGE-2430341

Updated the node-forge dependency to 1.3.1.

I have made a fix and made sure all the test cases in selfsigned pass. It would be of great help if you could please look into this and expedite the process. Thanks in advance. @jfromaniello Please let me know if anything else is needed from my end.

jfromaniello commented 2 years ago

Hi @shernaz, this change is not required; the dependency is:

"node-forge": "^1"

which includes all minor and patch releases

davidlehn commented 2 years ago

Hi, node-forge maintainer here. It would be good to apply this. If there are any API issues with upgrading, I'm happy to help address them. I'm pretty sure the security issues addressed in recent versions don't affect the APIs used here. But the dependency warnings they cause get shown to everyone regardless. That can cause some confusion that would best be fixed by the upgrade here. Thanks.
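The caret range quoted in this thread, worked through as an added example (not code from the thread, selfsigned or node-forge): it checks whether a declared range such as `"^1"` admits 1.3.1 and, separately, whether the version pinned in a lockfile has reached it. The function names are hypothetical, the lockfile entry (1.2.1) is constructed for illustration, and only plain caret ranges with numeric versions are handled.

```javascript
// Parse "1", "1.3" or "1.3.1" (no pre-release tags); missing parts are null.
function parseVersion(text) {
  const parts = text.trim().split('.');
  if (parts.length > 3 || !parts.every((p) => /^\d+$/.test(p))) {
    throw new Error(`unsupported version: ${text}`);
  }
  return [0, 1, 2].map((i) => (i < parts.length ? Number(parts[i]) : null));
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// npm caret rule: anything may change to the right of the left-most non-zero
// component, so "^1" means >=1.0.0 <2.0.0 and "^0.10.0" means >=0.10.0 <0.11.0.
function caretBounds(range) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const given = parseVersion(range.slice(1));
  const lower = given.map((n) => n ?? 0);
  let idx = given.findIndex((n) => n !== null && n !== 0);
  if (idx === -1) idx = given.filter((n) => n !== null).length - 1;
  const upper = lower.map((n, i) => (i < idx ? n : i === idx ? n + 1 : 0));
  return [lower, upper];
}

function satisfies(version, range) {
  const v = parseVersion(version).map((n) => n ?? 0);
  const [lower, upper] = caretBounds(range);
  return compare(v, lower) >= 0 && compare(v, upper) < 0;
}

// Does the declared range admit `target`, and is the version actually pinned
// in the lockfile at or above it? The two answers can differ.
function auditDependency(pkg, lock, name, target) {
  const declared = pkg.dependencies[name];
  const installed = lock.packages[`node_modules/${name}`].version;
  return {
    declared,
    installed,
    rangeAdmitsTarget: satisfies(target, declared),
    installedAtLeastTarget: compare(parseVersion(installed), parseVersion(target)) >= 0,
  };
}

// Constructed sample data, not taken from any real repository.
const samplePkg = { dependencies: { 'node-forge': '^1' } };
const sampleLock = { packages: { 'node_modules/node-forge': { version: '1.2.1' } } };
console.log(auditDependency(samplePkg, sampleLock, 'node-forge', '1.3.1'));
```

With the constructed data the range admits 1.3.1 while the pinned version is still below it, which is the case where refreshing the lockfile or raising the declared minimum changes what gets installed.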