royNiladri / js-big-decimal

Work with large numbers on the client side with high precision.
https://www.npmjs.com/package/js-big-decimal
MIT License
156 stars, 28 forks

js-big-decimal@1.3.5 vulnerable #73

Closed: scytalelabs closed 2 years ago

scytalelabs commented 2 years ago

js-big-decimal@1.3.5 requires got@^9.6.0 via a transitive dependency on package-json@6.5.0. No patched version available for got.

scytalelabs commented 2 years ago

Can't add the label Security, some issue with repo setting I guess.

nickdnk commented 2 years ago

Also https://www.cve.org/CVERecord?id=CVE-2021-3807 via ansi-regex dependency.

scytalelabs commented 2 years ago

Any update on this?

janeklb commented 2 years ago

The problem seems to have been accidentally introduced by #75 - #76 should fix it.

scytalelabs commented 2 years ago

Waiting for it to be merged. Also, when is an npm release expected?

royNiladri commented 2 years ago

Thanks for the fix @janeklb! Merged and new version created v1.3.6. Please check and confirm.
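
Added example, not code from this thread or from js-big-decimal: a Node.js script that walks a lockfile and lists every chain that pulls in a flagged package such as got or ansi-regex, separating production chains from dev-only ones. The lockfile is constructed, and the intermediate package names are hypothetical because the thread does not name them.

```javascript
// Constructed package-lock.json fragment (lockfileVersion 3 layout), not the project's real lockfile.
// "example-intermediate" and "example-dev-tool" are hypothetical; the ansi-regex version is made up.
const LOCK = { packages: {
  "": { name: "my-app", dependencies: { "js-big-decimal": "1.3.5" },
        devDependencies: { "example-dev-tool": "^1.0.0" } },
  "node_modules/js-big-decimal": { version: "1.3.5", dependencies: { "example-intermediate": "^1.0.0" } },
  "node_modules/example-intermediate": { version: "1.0.0", dependencies: { "package-json": "^6.5.0" } },
  "node_modules/package-json": { version: "6.5.0", dependencies: { got: "^9.6.0" } },
  "node_modules/got": { version: "9.6.0" },
  "node_modules/example-dev-tool": { version: "1.0.0", dev: true, dependencies: { "ansi-regex": "^5.0.0" } },
  "node_modules/ansi-regex": { version: "5.0.0", dev: true },
} };

// Node-style resolution: look in the requiring package's own node_modules, then walk up.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Return every dependency chain from the root project to `target`.
// Root devDependencies are followed only when includeDev is true.
function findPaths(lock, target, { includeDev = false } = {}) {
  const packages = lock.packages;
  const found = [];
  const walk = (path, chain, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(includeDev && path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next || seen.has(next)) continue; // not installed, or a cycle
      const label = `${name}@${packages[next].version}`;
      if (name === target) { found.push([...chain, label]); continue; }
      walk(next, [...chain, label], new Set(seen).add(next));
    }
  };
  walk("", [packages[""].name], new Set([""]));
  return found;
}

for (const chain of findPaths(LOCK, "got")) console.log(chain.join(" > "));
```

A chain that appears only with `includeDev: true` is not installed for consumers of the published package, which changes how urgently the finding needs a release.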