search

watson-developer-cloud / node-sdk

:comet: Node.js library to access IBM Watson services.
https://www.npmjs.com/package/ibm-watson
Apache License 2.0
1.48k stars 669 forks source link

Issue on a dependency - CVE-2023-26136 #1199

Closed Reni88 closed 9 months ago

Reni88 commented 11 months ago

Hi,

Good day. Just wanted to inform that we encountered a security issue on one of watson-developer-cloud dependency for its version 3.18.4:

Dependency: tough-cookie Version: 2.3.4

It is raised under this CVE ID: CVE-2023-26136

If this was already discussed and resolution was already delivered. Let us know. Thank you.

apaparazzi0329 commented 9 months ago

We no longer provide support for version 3 of the node-sdk. If you would like to avoid this vulnerability you will have to upgrade a newer of the node-sdk, preferably the latest version.

Reni88 commented 8 months ago

Thanks. Got it.