Update "async" dependency #126
Comments
|
Any update? |
|
@eriktrom Any chance to get this fixed? Thanks! |
|
@eriktrom Friendly ping, can you look at this, thanks? |
|
@eriktrom I would really appreciate if you could fix this. Thanks. |
|
There's a PR to backport the fix to the 2.x branch on the |
|
Team, any status on this fix? |
|
I think Kiskoza's comment already addressed this. You just need to update the patch version. |
|
Dependabot opened #126 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
portfinder is currently using async@^2.6.2 which has a known Prototype Pollution vulnerability
async@^3.2.2 addresses this vulnerability
Additional information:
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-43138
Snyk: https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827
The text was updated successfully, but these errors were encountered: