
node-forge Prototype Pollution vulnerability

Open flo-sch opened this issue 4 years ago • 2 comments

This package has a dependency on [email protected], which has an upstream vulnerability in node-forge: https://www.npmjs.com/advisories/1561

The vulnerability has been fixed upstream by [email protected] (the latest release being [email protected]).

Would it be possible to release a new version of this package bumping that dependency, to fix this vulnerability issue?

I have no experience with that dependency myself, but it is not a major release so I am expecting such a bump to be straightforward...?

flo-sch (Nov 25 '20 10:11)

Any update on this? Any issues in merging the suggested PR, https://github.com/notifme/notifme-sdk/pull/84?

kevalone (Jan 15 '21 13:01)

I am not quite certain this package is still actively maintained, to be honest. That would be sad, since I do not know a lot of alternatives, but this is the Open Source life 🤷‍♂

flo-sch (Jan 20 '21 11:01)