Closed ramonjaspers closed 1 year ago
For others: I currently fixed this in my repo by using https://www.npmjs.com/package/yarn-audit-fix
@ramonjaspers but this is still an issue that codepush should solve by updating their deps, right? Can't we reopen this one?
Code-push uses the superagent-proxy dependency, which has not been updated in two years and has peers which are even older, resulting in outdated dependencies. When running an audit with code-push installed, the following critical is returned.

critical │ vm2 vulnerable to sandbox escape
Package │ vm2
Patched in │ >=3.9.15
Dependency of │ react-native-code-push
Path │ react-native-code-push > code-push > superagent-proxy > proxy-agent > pac-proxy-agent > pac-resolver > degenerator > vm2
More info │ https://www.npmjs.com/advisories/1091646
I see there already is a possible fix, https://github.com/microsoft/react-native-code-push/pull/2482. What is the possible time of release?
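
Added example, not part of the issue thread and not code from the code-push project: a check that walks a resolved dependency tree and reports every copy of vm2 with its path and whether it is below the `>=3.9.15` floor from the audit output, which is what you would verify after applying an audit fix or a dependency update. The tree shape (that of `npm ls --all --json`), the sample versions and the function names are assumptions made for the example.

```javascript
// Transitive chain reported by the audit output in this issue.
const AUDIT_PATH = ["react-native-code-push", "code-push", "superagent-proxy",
  "proxy-agent", "pac-proxy-agent", "pac-resolver", "degenerator", "vm2"];

// Build a nested dependency object from one chain (assumed tree shape:
// what `npm ls --all --json` prints). Versions are constructed sample values.
function buildChain(names, leafVersion) {
  return names.reduceRight((child, name, i) => {
    const node = { version: i === names.length - 1 ? leafVersion : "0.0.0-sample" };
    if (child) node.dependencies = child;
    return { [name]: node };
  }, null);
}

// Constructed tree: the audited chain ends in an old vm2, plus a top-level patched copy.
const sampleTree = {
  name: "app", version: "1.0.0",
  dependencies: { ...buildChain(AUDIT_PATH, "3.9.11"), vm2: { version: "3.9.15" } },
};

// Compare major.minor.patch numerically; prerelease tags are ignored (simplification).
function isBelow(version, floor) {
  const parse = (v) => v.split("-")[0].split(".").map(Number);
  const a = parse(version), b = parse(floor);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Walk every branch and report each copy of `target` with its full path.
function findCopies(node, target, floor, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, name];
    if (name === target) {
      hits.push({ path: path.join(" > "), version: dep.version,
                  vulnerable: isBelow(dep.version, floor) });
    }
    hits.push(...findCopies(dep, target, floor, path));
  }
  return hits;
}

for (const hit of findCopies(sampleTree, "vm2", "3.9.15")) {
  console.log(`${hit.vulnerable ? "VULNERABLE" : "ok"}  vm2@${hit.version}  ${hit.path}`);
}
```

A patched copy at the top level does not clear the finding while a nested copy below the floor is still installed, which is why the walk reports every path rather than the first match.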