stfnhmplr / homebridge-synology

Control your Synology Diskstation with Homekit
MIT License

Found 2 vulnerabilities (1 low, 1 moderate) #37

Closed LucasJanin closed 5 years ago

LucasJanin commented 5 years ago

Hi,

It looks like homebridge-synology@0.3.1 has 2 vulnerabilities (1 low, 1 moderate).
It's maybe not critical, but it would be nice to have it fixed.

Thanks

Moderate       Regular Expression Denial of Service
Package        ms
Patched in     >0.7.0
Dependency of  homebridge-synology
Path           homebridge-synology > polling-to-event > debug > ms
More info      https://nodesecurity.io/advisories/46

Low            Regular Expression Denial of Service
Package        debug
Patched in     >= 2.6.9 < 3.0.0 || >= 3.1.0

stfnhmplr commented 5 years ago

The security vulnerabilities are caused by a third-party package (see path). We have to wait until this gets fixed.

LucasJanin commented 5 years ago

I understood that the two packages were patched. Sorry if I misunderstood the error message.

Thanks for your reply!
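
An added example, not part of the thread or the project's code: it checks resolved versions against the "Patched in" ranges from the audit output above while walking a tree shaped like `npm ls --json` output. The tree and its version numbers are constructed sample data, and `satisfies` is a simplified stand-in for the `semver` package that handles only the comparator forms shown on this page.

```javascript
// "Patched in" ranges copied from the audit output in the issue.
const PATCHED = {
  ms: ">0.7.0",
  debug: ">= 2.6.9 < 3.0.0 || >= 3.1.0",
};

// "2.6.9" -> [2, 6, 9]; prerelease tags are ignored in this sketch.
const parse = (v) => v.split("-")[0].split(".").map(Number);

// Returns -1, 0 or 1 for a < b, a == b, a > b.
function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

const OPS = {
  ">": (c) => c > 0, ">=": (c) => c >= 0,
  "<": (c) => c < 0, "<=": (c) => c <= 0, "=": (c) => c === 0,
};

// "||" separates alternatives; every comparator inside one alternative must hold.
function satisfies(version, range) {
  return range.split("||").some((alt) => {
    const comps = [...alt.matchAll(/(>=|<=|>|<|=)?\s*(\d+\.\d+\.\d+)/g)];
    return comps.length > 0 &&
      comps.every(([, op, bound]) => OPS[op || "="](compare(version, bound)));
  });
}

// Walk the tree and report each unpatched package with its dependency path.
function findUnpatched(name, node, path = []) {
  const here = [...path, name];
  const hits = [];
  if (PATCHED[name] && !satisfies(node.version, PATCHED[name])) {
    hits.push(`${here.join(" > ")} @ ${node.version}`);
  }
  for (const [dep, child] of Object.entries(node.dependencies || {})) {
    hits.push(...findUnpatched(dep, child, here));
  }
  return hits;
}

// Constructed sample tree (all versions below the root are made up).
const tree = { version: "0.3.1", dependencies: { "polling-to-event": {
  version: "0.0.0", dependencies: { debug: {
    version: "2.2.0", dependencies: { ms: { version: "0.7.0" } } } } } } };
console.log(findUnpatched("homebridge-synology", tree));
```

A patched release existing upstream does not help until every package on the path declares a range that lets the patched version resolve, which is why the report lists the full path.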