asset-builder icon indicating copy to clipboard operation
asset-builder copied to clipboard

Published 20 hours ago verified publisher icon austinpray

Need to update object-path dependency.

Open joelschlotterer opened this issue 4 years ago • 2 comments

───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ object-path │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=0.11.5 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ asset-builder [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ asset-builder > object-path │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/1573

joelschlotterer avatar Dec 24 '20 15:12 joelschlotterer

It's been fixed in #79 but still waiting author to release the new version :D hope author will have time soon.

vijayhardaha avatar Dec 02 '21 23:12 vijayhardaha

Meanwhile, I am using npm-force-resolutions to get rid of all the issues from the packages. If you want to solve the issues then you can follow these steps:

First, you need to add new script "preinstall": "npx npm-force-resolutions" in you package.json Your scripts code will look like this:

"scripts": {
    "preinstall": "npx npm-force-resolutions",
    // Other scripts goes here.
}

Then in your package.json, you'll have to add a new node "resolutions" and inside that, you'll have to specify the package name and version that suggested to fix the issue.

In the case of asset-builder the code will look like this:

"resolutions": {
    "object-path": "^0.11.8"
}

then run the npm install and the issue will be removed for object-path

vijayhardaha avatar Dec 03 '21 00:12 vijayhardaha