rollbar / rollbar.js

Error tracking and logging from Javascript to Rollbar
https://docs.rollbar.com/docs/javascript
MIT License

rollbar Vulnerability - CVE-2020-26302 #1100

Closed deepikavijay528 closed 11 months ago

deepikavijay528 commented 1 year ago

Need to update the request-ip library version in rollbar's package.json file, as we are getting a vulnerability related to "is_js" under CVE-2020-26302.

ghost commented 1 year ago

To brief it more, we are getting the vulnerability CVE-2020-26302 due to a package "is_js". This package is internally used by one of the libraries, request-ip, which is mentioned in the package.json. On further observation we have found that request-ip is already on its latest version 3.3.0 in package.json, but in package-lock.json it's still showing the lower one. Whenever we try to use your latest version of rollbar (2.26.1), it pulls the older version of request-ip (2.0.2.tgz). Can you please look into the issue?
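The mismatch described in this thread (package.json declares one range, package-lock.json still pins an older release that drags in the flagged transitive package) is something a consumer can check mechanically before trusting a lockfile. The script below is an added example, not rollbar.js project code: it compares each direct dependency's declared range against the version the lockfile actually resolves, supporting both the lockfile v1 (`dependencies`) and v2/v3 (`packages`) layouts, and lists which locked packages pull in a given transitive dependency. The two sample manifests are constructed to mirror the issue (request-ip `^3.3.0` declared, `2.0.2` locked); the `is_js` range inside the sample lock is a placeholder because the issue does not state it.

```javascript
// Added example (not rollbar.js code): detect lockfile drift, i.e. a locked
// version that falls outside the range package.json declares, and trace which
// locked packages require a given transitive dependency.

// Constructed sample manifests mirroring the issue: package.json asks for
// request-ip ^3.3.0 but the lock still pins 2.0.2, which requires is_js.
const SAMPLE_PACKAGE_JSON = {
  name: "example-app", // constructed
  dependencies: { "request-ip": "^3.3.0" },
};

const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "request-ip": {
      version: "2.0.2",
      resolved: "https://registry.npmjs.org/request-ip/-/request-ip-2.0.2.tgz",
      requires: { is_js: "<range not given in issue>" }, // placeholder
    },
  },
};

// Same app after the lock has been regenerated (constructed, v2 layout).
const SAMPLE_LOCK_V2 = {
  lockfileVersion: 2,
  packages: {
    "node_modules/request-ip": { version: "3.3.0" },
  },
};

// Parse "MAJOR.MINOR.PATCH" into numbers; anything else is unsupported here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version syntax: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Minimal semver matcher for exact, ~ (same major.minor) and ^ (first
// non-zero component fixed) ranges, which cover the common package.json cases.
function satisfies(range, version) {
  const op = range[0] === "^" || range[0] === "~" ? range[0] : "";
  const base = parseVersion(op ? range.slice(1) : range);
  const v = parseVersion(version);
  if (compareVersions(v, base) < 0) return false;
  if (!op) return compareVersions(v, base) === 0;
  let upper;
  if (op === "~") upper = [base[0], base[1] + 1, 0];
  else if (base[0] > 0) upper = [base[0] + 1, 0, 0];
  else if (base[1] > 0) upper = [0, base[1] + 1, 0];
  else upper = [0, 0, base[2] + 1];
  return compareVersions(v, upper) < 0;
}

// Version the lockfile resolves for a direct dependency, in either layout.
function lockedVersion(lock, name) {
  if (lock.packages) {
    const entry = lock.packages[`node_modules/${name}`];
    return entry ? entry.version : undefined;
  }
  const entry = lock.dependencies && lock.dependencies[name];
  return entry ? entry.version : undefined;
}

// Compare every declared direct dependency against what the lock pins.
function findLockDrift(pkg, lock) {
  const declared = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const drift = [];
  for (const [name, range] of Object.entries(declared)) {
    const locked = lockedVersion(lock, name);
    if (locked === undefined) {
      drift.push({ name, range, locked: null, reason: "missing from lockfile" });
      continue;
    }
    try {
      if (!satisfies(range, locked)) {
        drift.push({ name, range, locked, reason: "outside declared range" });
      }
    } catch (e) {
      drift.push({ name, range, locked, reason: `unsupported range: ${e.message}` });
    }
  }
  return drift;
}

// Which locked packages require `name`? Explains why a flagged transitive
// package (is_js in the issue) is present at all.
function requiredBy(lock, name) {
  const parents = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (entry.dependencies && name in entry.dependencies) parents.push(path.replace(/^.*node_modules\//, ""));
    }
  } else {
    for (const [parent, entry] of Object.entries(lock.dependencies || {})) {
      if (entry.requires && name in entry.requires) parents.push(parent);
    }
  }
  return parents;
}

console.log("drift (v1 lock):", findLockDrift(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK_V1));
console.log("drift (v2 lock):", findLockDrift(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK_V2));
console.log("is_js required by:", requiredBy(SAMPLE_LOCK_V1, "is_js"));
```

To run it against a real checkout, replace the constructed objects with `JSON.parse(fs.readFileSync("package.json"))` and the same for `package-lock.json`; a non-empty drift list means `npm install` will honour the lock rather than the manifest, which is exactly the situation the reporter hit. Note that only exact, `~` and `^` ranges are handled; anything else is reported as unsupported rather than silently passed.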