mangopay2-nodejs-sdk icon indicating copy to clipboard operation
mangopay2-nodejs-sdk copied to clipboard

Published 20 hours ago verified publisher icon Mangopay

NPM Vulnerabilities in dependency

Open DJayFreshBlock opened this issue 3 years ago • 2 comments

node-rest-client project has been abandoned. It has a package dependency of debug.

debug vulnerability: https://github.com/advisories/GHSA-gxpj-cx7g-858c

Was reported in node-rest-client https://github.com/aacerox/node-rest-client/issues/193

npm audit output:

  node-rest-client  >=1.4.8
  Depends on vulnerable versions of debug
  node_modules/node-rest-client
    mangopay2-nodejs-sdk  *
    Depends on vulnerable versions of node-rest-client      
    node_modules/mangopay2-nodejs-sdk

package.json:

{
  ...
  "dependencies": {
    ...
    "mangopay2-nodejs-sdk": "^1.25.0",
    ...
  }
}

DJayFreshBlock avatar Jan 18 '22 21:01 DJayFreshBlock

Hello @DJayFreshBlock,

Thank you. We are already on it 😃 . We will you keep you updated when a fix is released.

fredericdelordm avatar Jan 19 '22 09:01 fredericdelordm

Hi @fredericdelordm is there any progress on this? It's been over a year and this is still an issue. https://github.com/Mangopay/mangopay2-nodejs-sdk/issues/354

tenzerothree avatar Mar 17 '23 09:03 tenzerothree