Open adlawren opened 3 years ago
Greetings :wave:
A CVE was recently opened for dns-packet: https://nvd.nist.gov/vuln/detail/CVE-2021-23386. dns-packet is a dependency of multicast-dns. multicast-dns uses the fixed version of dns-packet as of version 7.2.3: https://github.com/mafintosh/multicast-dns/blob/309a1aa77fc85a81f04117ca16350b87a26faba1/package.json#L11, however bonjour currently only uses multicast-dns versions from the 6.x series: https://github.com/watson/bonjour/blob/master/package.json#L11; multicast-dns will need to be upgraded to pull in the fix for this CVE
dns-packet
multicast-dns
bonjour
Any chance this dependency will be bumped into a newer version anytime soon?
Greetings :wave:
A CVE was recently opened for
dns-packet
: https://nvd.nist.gov/vuln/detail/CVE-2021-23386.dns-packet
is a dependency ofmulticast-dns
.multicast-dns
uses the fixed version ofdns-packet
as of version 7.2.3: https://github.com/mafintosh/multicast-dns/blob/309a1aa77fc85a81f04117ca16350b87a26faba1/package.json#L11, howeverbonjour
currently only usesmulticast-dns
versions from the 6.x series: https://github.com/watson/bonjour/blob/master/package.json#L11;multicast-dns
will need to be upgraded to pull in the fix for this CVE