actions-on-google-nodejs icon indicating copy to clipboard operation
actions-on-google-nodejs copied to clipboard
verified publisher icon actions-on-google

npm audit found 10 high severity vulnerabilities (Machine-In-The-Middle)

Open lucalategola opened this issue 6 years ago • 3 comments

npm audit found 10 high severity vulnerabilities of Machine-In-The-Middle type on yours package. The vulnerabilities is on https-proxy-agent package that yours package is dependent. Other information is at this link: https://www.npmjs.com/advisories/1184

lucalategola avatar Oct 21 '19 10:10 lucalategola

Hi, thanks for the notice, we will update the dependencies soon.

Canain avatar Oct 21 '19 21:10 Canain

@Canain newer version of google-auth-library seems to fix this. would this advisory be fixed in next release?

slowtick avatar Jan 13 '20 07:01 slowtick

One thing that needs to be considered is that recent version of google-auth-library require Node version 8.10+. This library has Node 6 as a minimum dependency. A breaking change to this library would need to be made to properly update the library.

Fleker avatar Jan 13 '20 15:01 Fleker