Closed Bhavesh-Ahalani closed 11 months ago
Once popsicle-cookie-jar has updated we can just run `npm update popsicle-cookie-jar` and it should fix the vulnerability (and as long as it's just a 1.0.0 -> 1.0.1 release)
└─ popsicle@12.1.0
   └─ popsicle-cookie-jar@1.0.0
      └─ tough-cookie@3.0.1
The latest release includes the updated popsicle-cookie-jar. This was only a vulnerability if you happened to be using a custom CookieJar with `rejectPublicSuffixes=false`.
popsicle is using popsicle-cookie-jar 1.0.0 which is vulnerable to Prototype Pollution
Reference: https://github.com/advisories/GHSA-72xf-g2v4-qvf3
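
A check one could run after the update discussed above, as an added example that is not part of the thread or of popsicle's own code: it walks a tree shaped like `npm ls --all --json` output and lists every path that still resolves popsicle-cookie-jar@1.0.0. The root name `my-app` and both sample trees are constructed; the 1.0.1 version is the bump the thread anticipates, not a confirmed release.

```javascript
// Added example, not from the thread. Input shape follows `npm ls --all --json`:
// each node has an optional `version` and an optional `dependencies` map.

// Return every dependency path (as "a@1 > b@2" strings) that ends at name@version.
function findPaths(node, name, version, trail = [], hits = []) {
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    // Unmet or extraneous entries may lack a version; show them as "?".
    const here = [...trail, `${depName}@${dep.version || "?"}`];
    if (depName === name && dep.version === version) hits.push(here.join(" > "));
    findPaths(dep, name, version, here, hits);
  }
  return hits;
}

// Constructed sample: the tree quoted in the thread, under a hypothetical root "my-app".
const before = {
  name: "my-app",
  dependencies: {
    popsicle: {
      version: "12.1.0",
      dependencies: {
        "popsicle-cookie-jar": {
          version: "1.0.0",
          dependencies: { "tough-cookie": { version: "3.0.1" } },
        },
      },
    },
  },
};

// Constructed sample: same tree after the 1.0.0 -> 1.0.1 bump the thread anticipates.
const after = {
  name: "my-app",
  dependencies: {
    popsicle: {
      version: "12.1.0",
      dependencies: { "popsicle-cookie-jar": { version: "1.0.1" } },
    },
  },
};

console.log(findPaths(before, "popsicle-cookie-jar", "1.0.0"));
console.log(findPaths(after, "popsicle-cookie-jar", "1.0.0"));
```

An empty result for the installed tree means no path still pins the flagged version; a non-empty one shows which direct dependency is holding it back.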