node-java icon indicating copy to clipboard operation
node-java copied to clipboard
verified publisher icon joeferner

Vulnerability in async dependency

Open cartene opened this issue 3 years ago • 2 comments

Prototype Pollution in async dependency: https://github.com/advisories/GHSA-fwr7-v2mv-hh25

Please, upgrade it! Thanks!

cartene avatar May 18 '22 10:05 cartene

+1

buntarb avatar Jul 22 '22 15:07 buntarb

DependaBot opened a PR to get this fixed (#553 bumps async from 2.6.1 to 2.6.4). @joeferner Since this is a security issue, can this PR be merged and a new release created? Thanks.

mattmurp avatar Sep 08 '22 15:09 mattmurp