xdevl / node-apk

A library to parse Android application's manifest and signature
MIT License

node-forge <=1.2.1: Severity: high #4

Closed. hyderly closed this 1 year ago.

hyderly commented 2 years ago

I'm using the latest node-apk version, which is 1.1.1; it automatically installed node-forge version 0.10.0. I also tried to install the latest version of node-forge, but it still gives me the same error when I run the npm audit command.

Proper error message:

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
No fix available
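Added example (not code from node-apk or from the reporter): the situation above, where installing a newer node-forge at the top level does not silence npm audit, is a classic nested-dependency case. npm keeps a separate copy of node-forge under node_modules/node-apk/node_modules because node-apk 1.1.1 pins a range (^0.10.0) that the top-level 1.3.x cannot satisfy. The script below walks a package-lock.json offline, lists every installed copy of a package together with the parent chain that pulled it in, and flags the copies that fall inside the advisory's "<=1.2.1" range. The lockfile contents are constructed to mirror this thread; the version comparison is a small semver-style routine written here rather than the semver package, and pre-release tags are handled only in the simple "pre-release sorts below the release" sense.

```javascript
// Added example, not part of node-apk: find every copy of a package in a
// package-lock.json and flag the ones in a known-vulnerable range.
// No external dependencies; runs offline on the constructed lockfile below.

// Parse "1.2.1" or "1.3.0-beta.1" into { core: [1, 2, 1], pre: "beta.1" | null }.
// Build metadata (+...) is not handled; it is irrelevant for precedence anyway.
function parseVersion(v) {
  const [core, pre] = v.split("-", 2);
  const nums = core.split(".").map(Number);
  if (nums.length !== 3 || nums.some(Number.isNaN)) {
    throw new Error(`unsupported version string: ${v}`);
  }
  return { core: nums, pre: pre ?? null };
}

// Semver-style precedence: compare the numeric core first; a pre-release of
// the same core sorts below the final release (so 1.3.0-beta.1 < 1.3.0).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] < pb.core[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// Every installed copy of `name`, with the chain of parents that pulled it in.
// Supports lockfileVersion 2/3 ("packages" keyed by install path) and
// lockfileVersion 1 (nested "dependencies" objects).
function findCopies(lock, name) {
  const copies = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      // e.g. "node_modules/node-apk/node_modules/node-forge" -> ["node-apk", "node-forge"]
      const chain = path
        .split("node_modules/")
        .map((s) => s.replace(/\/$/, ""))
        .filter(Boolean);
      if (chain.length === 0 || chain[chain.length - 1] !== name) continue;
      copies.push({ path, version: entry.version, via: chain.slice(0, -1) });
    }
    return copies;
  }
  const walk = (deps, parents) => {
    for (const [pkg, entry] of Object.entries(deps ?? {})) {
      if (pkg === name) {
        const path = [...parents, pkg].map((p) => `node_modules/${p}`).join("/");
        copies.push({ path, version: entry.version, via: parents });
      }
      walk(entry.dependencies, [...parents, pkg]);
    }
  };
  walk(lock.dependencies, []);
  return copies;
}

// Flag each copy whose version is <= lastVulnerable (the "<=1.2.1" in the advisory).
function auditLock(lock, name, lastVulnerable) {
  return findCopies(lock, name).map((c) => ({
    ...c,
    vulnerable: compareVersions(c.version, lastVulnerable) <= 0,
  }));
}

// Constructed lockfile (not the reporter's real project) reproducing the thread:
// node-forge 1.3.1 installed at the top level by hand, while node-apk 1.1.1 still
// carries its own nested 0.10.0 copy because its range (^0.10.0) excludes 1.3.x.
const sampleLock = {
  name: "my-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { "node-apk": "^1.1.1", "node-forge": "^1.3.1" } },
    "node_modules/node-forge": { version: "1.3.1" },
    "node_modules/node-apk": { version: "1.1.1", dependencies: { "node-forge": "^0.10.0" } },
    "node_modules/node-apk/node_modules/node-forge": { version: "0.10.0" },
  },
};

function report(lock, name, lastVulnerable) {
  for (const c of auditLock(lock, name, lastVulnerable)) {
    const how = c.via.length ? `via ${c.via.join(" > ")}` : "direct dependency";
    console.log(`${name}@${c.version} (${how}) at ${c.path}: ${c.vulnerable ? "VULNERABLE" : "ok"}`);
  }
}

report(sampleLock, "node-forge", "1.2.1");
```

Run it against a real lockfile with `JSON.parse(fs.readFileSync("package-lock.json"))` in place of sampleLock. The nested copy is the one npm audit keeps reporting, and since it is owned by node-apk's own dependency range, the only clean fixes are the upstream bump the maintainer applied or an `overrides` entry in the consuming package.json that forces node-forge to 1.3.x for the whole tree.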

xdevl commented 1 year ago

Hi there, thanks for reporting the problem. Dependencies have been updated to the latest versions, including node-forge 1.3.x, which should solve the problem. You can update your project to use node-apk 1.2.0.