win-ca dependent library has security vulnerability

Open BHANU2705 opened this issue 4 years ago • 4 comments

The node-forge-0.10.0.tgz has a security vulnerability.

CVE-2022-0122 JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.

The latest available version of node-forge is 1.2.1.

Please upgrade the version of node-forge and release an updated version of win-ca.

BHANU2705 avatar Jan 12 '22 07:01 BHANU2705

I opened this PR, but it looks like some tests are failing, either due to it or due to flaky tests: https://github.com/ukoloff/win-ca/pull/43

stein321 avatar Jan 14 '22 21:01 stein321

Any chance we can up the priority on this PR getting in? win-ca is the only dependency we have left that still uses the vulnerable version of node-forge.

WilliamRADFunk avatar Jan 20 '22 21:01 WilliamRADFunk

This is resolved, @BHANU2705.

stein321 avatar Mar 10 '22 22:03 stein321

@ukoloff I think this can be closed, right?

gjsjohnmurray avatar Apr 17 '23 08:04 gjsjohnmurray