Prototype pollution of dependency yargs #1913

Closed
tanettrimas opened this issue May 23, 2020 · 3 comments

tanettrimas commented May 23, 2020

Is this a feature request or a bug?

Bug

What is the current behavior?

I am getting security vulnerabilities from yargs-parser as you are using the yargs dependency. Even though I see that you recently updated packages in this PR: #1902, maybe you could try to do this again?

I ran npm audit fix, and got that it needed manual review.

[Screenshot 2020-05-23 at 17:41:46]

Version information (for bug reports)

  • Firefox version: 76.0.1
  • Your OS and version: Mac OS Catalina 10.15.2
  • Paste the output of these commands: npm audit fix
node --version 12.14.1 && npm --version 6.14.5 && web-ext --version 4.2.0

Rob--W (Member) commented May 28, 2020

This has been fixed in #1902, but we haven't published an update yet.

tanettrimas (Author) commented

@Rob--W Thanks for the clarification :)

rpl (Member) commented Jun 22, 2020

Closing as fixed (web-ext v4.3.0 has just been released on npm).

rpl closed this as completed Jun 22, 2020