Please update dependency underscore

Open jfoclpf opened this issue 2 years ago • 4 comments

@louischatriot please just update dependency underscore as it is tagged as high vulnerability

# npm audit report

nedb  *
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-339j-hqgx-qrrx
Depends on vulnerable versions of binary-search-tree
Depends on vulnerable versions of underscore
No fix available
node_modules/nedb

underscore  1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
No fix available
node_modules/underscore
  binary-search-tree  *
  Depends on vulnerable versions of underscore
  node_modules/binary-search-tree

3 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Jun 14 '22 20:06 jfoclpf

https://github.com/advisories/GHSA-cf4h-3jhx-xvhq

Jun 14 '22 20:06 jfoclpf

In case anyone is still looking for a solution, try gray-nedb. I've upgraded some code.

Jun 20 '22 05:06 GrayHat12

> In case anyone is still looking for a solution, try gray-nedb. I've upgraded some code.

Thanks! Are you planning to do any updates further?

Aug 10 '22 19:08 NotAHolyPerson

> > In case anyone is still looking for a solution, try gray-nedb. I've upgraded some code.
>
> Thanks! Are you planning to do any updates further?

I do want to properly maintain the code, can't guarantee it though.

Aug 11 '22 14:08 GrayHat12