generate-password icon indicating copy to clipboard operation
generate-password copied to clipboard

Published 20 hours ago verified publisher icon brendanashworth

Library Vulnerabilities

Open alonrks opened this issue 3 years ago • 3 comments

According to White Source, underscore library version 1.7.0 has CVE-2021-23358 security vulnerability. Is it possible to upgrade to version underscore - 1.12.1,1.13.0-2 and release new generate-password version?

alonrks avatar Jan 25 '22 11:01 alonrks

@alonrks I don't think this is an actual attack vector because underscore is only used in the testing suite. Nonetheless, would you like to submit a PR upgrading it, and I'll release a new version?

brendanashworth avatar Jan 25 '22 16:01 brendanashworth

Thanks Brendan, will add it.

alonrks avatar Jan 26 '22 07:01 alonrks

@brendanashworth can you please review?

alonrks avatar Jan 30 '22 09:01 alonrks