
npm audit - json-schema is vulnerable to Prototype Pollution #53

Closed
evandwight opened this issue Nov 24, 2021 · 5 comments

Comments

@evandwight

evandwight commented Nov 24, 2021

Problem: npm audit has identified a security issue with cognito-express version 2.0.19.

json-schema is vulnerable to Prototype Pollution due to the request library.

Fix: use a different http request library as request has been deprecated.

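The advisory above is transitive: `json-schema` is reached through `request`, not required by cognito-express directly. The following is an added example (not code from cognito-express or from the reporter) that walks a lockfile's `packages` map the way Node resolves modules and prints every dependency chain ending in a given package, so you can confirm which direct dependency pulls it in and verify that it disappears after the fix. The lockfile fragment is constructed and simplified; its versions are sample values.

```javascript
// Added example: trace dependency chains to a package in a package-lock.json
// (lockfileVersion 2/3 "packages" map). Not part of the cognito-express project.

// Resolve `name` from `fromPath` the way Node does: nearest node_modules walking up.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base === "" ? `node_modules/${name}` : `${base}/node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Depth-first walk from the root entry (""); returns chains as "a > b > target".
function findChains(lock, target) {
  const packages = lock.packages;
  const chains = [];
  function walk(path, trail, seen) {
    for (const name of Object.keys(packages[path].dependencies || {})) {
      const depPath = resolveDep(packages, path, name);
      if (!depPath || seen.has(depPath)) continue; // unresolved or cycle
      const next = trail.concat(name);
      if (name === target) { chains.push(next.join(" > ")); continue; }
      walk(depPath, next, new Set(seen).add(depPath));
    }
  }
  walk("", [], new Set([""]));
  return chains;
}

// Constructed, simplified lockfile fragment (versions are sample values).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "cognito-express": "^2.0.19" } },
    "node_modules/cognito-express": { version: "2.0.19", dependencies: { request: "^2.88.0" } },
    "node_modules/request": { version: "2.88.2", dependencies: { "http-signature": "~1.2.0" } },
    "node_modules/http-signature": { version: "1.2.0", dependencies: { jsprim: "^1.2.2" } },
    "node_modules/jsprim": { version: "1.4.1", dependencies: { "json-schema": "0.2.3" } },
    "node_modules/json-schema": { version: "0.2.3" },
  },
};

console.log(findChains(SAMPLE_LOCK, "json-schema"));
```

Run it against a real `package-lock.json` by replacing `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json"))`; an empty result after upgrading means no install path to the flagged package remains.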
@ghdna
Owner

ghdna commented Nov 25, 2021

Yeah, changing this.

@jordins

jordins commented Jan 17, 2022

Hi! First of all, thanks for this library! I would like to know if there's any update on this.

@ghdna ghdna closed this as completed in e33f881 Jan 17, 2022
@ghdna ghdna reopened this Jan 17, 2022
@ghdna
Owner

ghdna commented Jan 17, 2022

Just pushed an update on GH (not NPM) replacing request with axios.
Let me know if the latest master works well with your workload. If it passes all checks, I'll push to NPM.

@ghdna ghdna closed this as completed in 40925f7 Jan 17, 2022
@ghdna ghdna reopened this Jan 17, 2022
@jordins

jordins commented Jan 18, 2022

Thanks @ghdna! Just tested your latest changes and it works! 🎉
Will wait for the new npm release.
Thanks again!

@ghdna
Owner

ghdna commented Jan 18, 2022

Awesome. I have pushed the latest to NPM (v3.0.1).
Thanks again for pushing on this. Closing this now.

@ghdna ghdna closed this as completed Jan 18, 2022