serverless-step-functions

npm security advisory for `dot-prop` dependency

Open grempe opened this issue 5 years ago • 1 comments

This is a Bug Report

The following dependency is causing npm audit to inform on a high security vulnerability. It doesn't resolve with npm audit fix.

Security advisory link:

https://npmjs.com/advisories/1213

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ dot-prop                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ serverless-step-functions [dev]                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ serverless-step-functions > serverless > update-notifier >   │
│               │ configstore > dot-prop                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1213                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

grempe Jul 29 '20 23:07

@grempe thanks, will take a look

theburningmonk Aug 05 '20 21:08