Closed anthony-langford closed 1 year ago
Hello @anthony-langford, thank you for the report, we will work on this.
Filed internally as 187508.
Hello @anthony-langford, we have just released Node Server SDK 7.0.1, which should address this issue. Please feel free to open an issue with us if you find something else.
Thanks for the quick resolution @louis-launchdarkly 🙏
Is this a support request? No.
Describe the bug There is a security vulnerability in the
async
dependency. Version7.0.0
ofnode-server-sdk
currently has a dependency onasync
version3.0.0
which is considered a high security risk according to NIST.Updating the
async
dependency to version 3.2.2 resolves the security issue.To reproduce N/A
Expected behavior N/A
Logs N/A
SDK version N/A
Language version, developer tools N/A
OS/platform N/A
Additional context https://nvd.nist.gov/vuln/detail/CVE-2021-43138