Update "async": Security vulnerability, prototype pollution #408
Comments
|
https://github.ibm.com/advisories/GHSA-fwr7-v2mv-hh25 |
|
fix waiting to be merged at #409 |
|
subscribed so I can update ejs when its merged |
|
We too are waiting for the release with fix of #411 to be available. |
|
Can't wait to upgrade to new release version with the fix of #411 |
|
Waiting for the fix of #411 to be released |
|
Waiting for the async audit fix urgently, our production deployment is blocked because of this. Request to kindly expedite. |
|
@shreya410 I share your sense of urgency, but I'm not sure that requesting that the work be expedited is what's needed here. Instead it's a good time to reflect on the fact that so many talented people are choosing to devote their time to produce this useful software and make it freely available to the world. It might be possible to expedite it if more people provided funding to support that development, though. |
|
Absolutely! I deeply appreciate everyone's contributions here. Apologies if this sounded ungrateful. |
|
Apologies for the delay on this. Pushed to NPM, v10.8.5. Re. funding, the the suggestions are appreciated, but I have a hard time imagining how donations for a project like this would pay anything resembling a full-time developer's salary. Again, apologies for the delay pushing this out. I'll do my best to be a little more on top of these arbitrary bumps that are required to satisfy automated security audits. And a quick reminder, I will delete posts on threads that I consider needlessly belligerent. |
|
Same here, async <2.6.4 3 high severity vulnerabilities |
|
This has been fixed. You need to update Jake. |
Hi there,
there is a security vulnerability in the old async version, which is currently in use (GHSA-fwr7-v2mv-hh25). Would id be possible to update async to the latest version? This is a jump however from 0.9.x to 3.x.
Thanks
Matthias
The text was updated successfully, but these errors were encountered: