serverless-plugin-browserifier

Async package with high vulnerability issue

Open thiagosanches opened this issue 2 years ago • 1 comments

Hi everyone, good afternoon. It seems that there is a vulnerability issue with the async package as we can see below with the npm audit command:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution in async                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ async                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.2.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ serverless-plugin-browserifier [dev]                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ serverless-plugin-browserifier > archiver > async            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-fwr7-v2mv-hh25            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Did you guys have the chance to look at this? Thank you, Regards.

thiagosanches avatar Apr 13 '22 17:04 thiagosanches

I've just deployed a new version. Hopefully it is solved.

nolde avatar Apr 21 '22 01:04 nolde
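
To confirm in a consuming project that no copy of `async` below the "Patched in" version from the audit output is still installed, the lockfile can be checked directly. This is an added example, not code from the thread or from serverless-plugin-browserifier; it assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3), applies only the `>=3.2.2` threshold shown above, and the sample lockfile and its versions are constructed.

```javascript
// Added example: list every installed copy of `async` in an npm lockfile
// that is older than the patched version named in the audit output.
const PATCHED = "3.2.2"; // "Patched in" value from the npm audit table

// Compare two plain x.y.z versions numerically; returns <0, 0 or >0.
// Any pre-release suffix ("-beta.1") is ignored for this check.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return [{ path, version }] for each `async` install below `patched`.
function findUnpatchedAsync(lock, patched = PATCHED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/archiver/node_modules/async".
    if (!path.endsWith("node_modules/async")) continue;
    if (!meta.version) continue; // e.g. workspace links carry no version
    if (compareVersions(meta.version, patched) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile fragment (names and versions are illustrative).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "my-service", version: "1.0.0" },
    "node_modules/serverless-plugin-browserifier": { version: "0.0.0-sample", dev: true },
    "node_modules/archiver": { version: "0.0.0-sample", dev: true },
    "node_modules/archiver/node_modules/async": { version: "3.2.0", dev: true },
    "node_modules/async": { version: "3.2.4" },
    "node_modules/neo-async": { version: "2.6.2" }, // different package, ignored
  },
};

console.log(findUnpatchedAsync(sampleLock));
```

Against a real project, pass the parsed contents of `package-lock.json` to `findUnpatchedAsync`; an empty result means every resolved `async` meets the threshold.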