Closed AramSol closed 1 year ago
GitHub is still processing the advisory so we haven't yet received a PR for it. The advisory is unlikely to impact grunt-zip users since it's around prototype pollution: https://github.com/advisories/GHSA-jg8v-48h5-wgxg
If this is high priority to you, please submit a PR. Otherwise, we'll be waiting for the one from GitHub's dependabot
@twolfson, thanks for the fast response.
I'm just wondering if grunt-zip would still be working with jszip >3.7.0?
I don't have the bandwidth to pick this up but you can prob check their changelog to see what happened between 2.5.0 and 3.7.0
This has been resolved in grunt-zip@0.20.0 by upgrading to jszip@2.7.0
Hi all, it seems there is a security issue with the jszip package that is used in grunt-zip>0.14.0. I got the warning from GitHub after upgrading grunt-zip to latest. Here is the info that I get by using npm audit, and the only package that uses jszip can be seen here