medikoo / memoizee

Complete memoize/cache solution for JavaScript
ISC License
1.73k stars 61 forks

Package is showing a vulnerability #133

Closed mfernandes-alcumus closed 3 months ago

mfernandes-alcumus commented 4 months ago

We use this package for a lot of our functions and it is showing es5-ext as a vulnerability. Please can this be fixed, as we have concerns over the use of your package.

medikoo commented 4 months ago

@mfernandes-alcumus thanks for opening that. What vulnerability exactly? Can you provide more details?

technicalliy commented 4 months ago

@medikoo it appears to be introduced by es5-ext v0.10.62, and is fixed in v0.10.63. Here's some documentation, and the CVE record.

medikoo commented 4 months ago

@technicalliy memoizee officially works with v0.10.63, but I understand that the issue is that it also allows v0.10.62 as a valid dependency.

sergei-lobanov commented 4 months ago

Any plans to change min version?

"dependencies": { "es5-ext": "^0.10.53", -> "es5-ext": "^0.10.63",

medikoo commented 4 months ago

@sergei-lobanov yes, I'll post an update in the next days.

kopach commented 3 months ago

@medikoo, any updates here? Do you need any help here?

medikoo commented 3 months ago

Fixed with https://github.com/medikoo/memoizee/commit/cbc3d0dd18ed020b0a8fc0409570273caedcca8d and released as v0.4.16

Thanks for pinging me, and sorry for the long wait
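
Why the dependency range discussed in this thread mattered, as an added example that is not part of the thread or of memoizee's code: under npm's caret rule `^0.10.53` accepts es5-ext 0.10.62, while `^0.10.63` does not, and a lockfile shows which copy is actually installed. The helper names and the sample lockfile are constructed for illustration, and pre-release versions are not handled.

```javascript
// Added example: the lockfile below is constructed sample data.

// Parse "x.y.z" into numeric parts (pre-release tags are out of scope here).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// npm caret semantics: the left-most non-zero component is frozen.
// ^0.10.53 => >=0.10.53 <0.11.0 ; ^1.2.3 => >=1.2.3 <2.0.0 ; ^0.0.3 => >=0.0.3 <0.0.4
function caretBounds(range) {
  const min = range.replace(/^\^/, "");
  const [maj, mnr, pat] = parse(min);
  const max = maj > 0 ? `${maj + 1}.0.0` : mnr > 0 ? `0.${mnr + 1}.0` : `0.0.${pat + 1}`;
  return { min, max };
}

function caretAdmits(range, version) {
  const { min, max } = caretBounds(range);
  return cmp(version, min) >= 0 && cmp(version, max) < 0;
}

// Walk a package-lock.json "packages" map (lockfileVersion 2/3) and list
// every installed copy of `name` resolved to exactly `version`.
function findPinned(lock, name, version) {
  return Object.entries(lock.packages || {})
    .filter(([path, pkg]) => path.endsWith(`node_modules/${name}`) && pkg.version === version)
    .map(([path]) => path);
}

// Constructed sample lockfile: one top-level and one nested copy of es5-ext.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/es5-ext": { version: "0.10.62" },
    "node_modules/other-dep/node_modules/es5-ext": { version: "0.10.63" },
  },
};

console.log("old range admits 0.10.62:", caretAdmits("^0.10.53", "0.10.62"));
console.log("new range admits 0.10.62:", caretAdmits("^0.10.63", "0.10.62"));
console.log("copies at 0.10.62:", findPinned(sampleLock, "es5-ext", "0.10.62"));
```
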