search

usebruno / bruno

Opensource IDE For Exploring and Testing Api's (lightweight alternative to postman/insomnia)
https://www.usebruno.com/
MIT License
27.74k stars 1.28k forks source link

Remove vunlerable crypto-js-3.1.9-1 #3376

Open stupidly-logical opened 4 weeks ago

stupidly-logical commented 4 weeks ago

I have checked the following:

Describe the bug

npm audit report

crypto-js <4.2.0 Severity: critical crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard - https://github.com/advisories/GHSA-xwcq-pm8m-c4vf

.bru file to reproduce the bug

No response

Screenshots/Live demo link

Screenshot 2024-10-28 at 6 05 12 PM
stupidly-logical commented 4 weeks ago

PR #3377