Open kachkaev opened 3 years ago
I have a project that depends on qiniu@7.3.2, which seems to be the latest version.
qiniu@7.3.2
When running yarn audit, this error shows up since a few days ago:
yarn audit
┌───────────────┬──────────────────────────────────────────────────────────────┐ │ high │ netmask npm package vulnerable to octal input data │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ netmask │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=2.0.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ qiniu │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ qiniu > urllib > proxy-agent > pac-proxy-agent > │ │ │ pac-resolver > netmask │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://www.npmjs.com/advisories/1658 │ └───────────────┴──────────────────────────────────────────────────────────────┘ 1 vulnerabilities found - Packages audited: 901
https://www.npmjs.com/advisories/1658
It’d be great to see a new version of qiniu that depends on netmask@^2.0.1. Thank you!
qiniu
netmask@^2.0.1
I have a project that depends on
qiniu@7.3.2, which seems to be the latest version.When running
yarn audit, this error shows up since a few days ago:https://www.npmjs.com/advisories/1658
It’d be great to see a new version of
qiniuthat depends onnetmask@^2.0.1. Thank you!