Skip to content
This repository has been archived by the owner on May 5, 2023. It is now read-only.

npm audit reported about a vulnerability in "async" dependency #5230

Closed
AntonTimiskov opened this issue Apr 14, 2022 · 2 comments
Closed

npm audit reported about a vulnerability in "async" dependency #5230

AntonTimiskov opened this issue Apr 14, 2022 · 2 comments
Assignees
@qiaozha
Labels
customer-reported This issue was reported by a customer.

Comments

@AntonTimiskov
Copy link

async <2.6.4
Severity: high
Prototype Pollution in async - GHSA-fwr7-v2mv-hh25

How to fix: update the dependency to the latest version.
@bwateratmsft
Copy link

The pinning to exactly 2.6.0 of async is preventing us in the Azure Account extension for VSCode from fixing this.

@lirenhe
Copy link

lirenhe commented Apr 18, 2022

@qiaozha, could you help to take a look?

@lirenhe lirenhe added the customer-reported This issue was reported by a customer. label Apr 18, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@qiaozha qiaozha

Labels
customer-reported This issue was reported by a customer.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@AntonTimiskov @lirenhe @mpodwysocki @bwateratmsft @qiaozha