twolfson / grunt-zip

Zip and unzip files via a grunt plugin
MIT License

potential security vulnerabilities #54

Closed AramSol closed 1 year ago

AramSol commented 2 years ago

Hi all, it seems there is a security issue with the jszip package that is used in grunt-zip>0.14.0. I got the warning from GitHub after upgrading grunt-zip to latest. There is the info that I get by using npm audit, and the only package that uses jszip can be seen here.

twolfson commented 2 years ago

GitHub is still processing the advisory so we haven't yet received a PR for it. The advisory is unlikely to impact grunt-zip users since it's around prototype pollution: https://github.com/advisories/GHSA-jg8v-48h5-wgxg

If this is high priority to you, please submit a PR. Otherwise, we'll be waiting for the one from GitHub's dependabot

AramSol commented 2 years ago

@twolfson, thanks for the fast response. I was just wondering if grunt-zip would still be working with jszip >3.7.0?

twolfson commented 2 years ago

I don't have the bandwidth to pick this up, but you can probably check their changelog to see what happened between 2.5.0 and 3.7.0.

twolfson commented 1 year ago

This has been resolved in grunt-zip@0.20.0 by upgrading to jszip@2.7.0