multer-storage-cloudinary icon indicating copy to clipboard operation
multer-storage-cloudinary copied to clipboard

Published 20 hours ago verified publisher icon affanshahid

Dependency update on pac-resolver vulnerability?

Open sirmisteryflavor opened this issue 3 years ago • 0 comments

Hi, when I run npm install for multer-storage-cloudinary, I get the following warning.

npm install multer-storage-cloudinary

up to date, audited 202 packages in 4s

8 packages are looking for funding
  run `npm fund` for details

4 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

I then run the npm audit and the message below is printed. Seems like the fix is to install [email protected]. Will this be implemented? Or should we individually fork and do it manually? Thank you! Learning npm slowly so any suggestion/advice is greatly appreciated.

# npm audit report

pac-resolver  <5.0.0
Severity: high
Code Injection in pac-resolver - https://github.com/advisories/GHSA-9j49-mfvp-vmhm
fix available via `npm audit fix`
node_modules/pac-resolver
  pac-proxy-agent  <=4.1.0
  Depends on vulnerable versions of pac-resolver
  node_modules/pac-proxy-agent
    proxy-agent  1.1.0 - 4.0.1
    Depends on vulnerable versions of pac-proxy-agent
    node_modules/proxy-agent
      cloudinary  >=1.28.0
      Depends on vulnerable versions of proxy-agent
      node_modules/cloudinary

sirmisteryflavor avatar Jan 02 '22 14:01 sirmisteryflavor