electron-google-oauth2 icon indicating copy to clipboard operation
electron-google-oauth2 copied to clipboard

Published 20 hours ago verified publisher icon getstation

Security vulnerability with google-p12-pem library

Open christhegrand opened this issue 4 years ago • 0 comments

We're using this library, and Dependabot just alerted us to a problem with it:

Dependabot cannot update node-forge to a non-vulnerable version
The latest possible version that can be installed is 0.9.2 because of the following conflicting dependency:
@getstation/[email protected] requires node-forge@^0.9.0 via a transitive dependency on [email protected]
The earliest fixed version is 0.10.0.

Looking through the yarn.lock file, it looks like google-p12-pem is a dependency of gtoken, which is a dependency of google-auth-library-nodejs. Would it be possible to upgrade the google-auth-library-nodejs dependency?

christhegrand avatar Dec 15 '20 19:12 christhegrand