Update lockfile to automatically remove the vulnerability introduced by date-and-time@0.13.1 #2
Comments
|
Oh thank you very much :-) this dependency isn’t used but I will remove it.
Beste Grüße,
Nils Baumgartner
… Am 22.08.2021 um 15:51 schrieb paimon0715 ***@***.***>:
Hi, @NilsBaumgartner1994, I have reported a vulnerability in package @google-cloud/storage.
As far as I am aware, vulnerability CVE-2020-26289 detected in package date-and-time<0.14.2 is directly referenced by @***@***.***, on which your package ***@***.*** transitively depends. As such, this vulnerability can also affect ***@***.*** via the following path:
***@***.*** ➔ ***@***.*** ➔ @***@***.*** ➔ ***@***.***(vulnerable version)
Since @google-cloud/storage has released a new patched version @***@***.*** to resolve this issue ***@***.******@***.*** ➔ ***@***.***(fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
***@***.*** ➔ ***@***.*** ➔ @***@***.*** ➔ ***@***.***(vulnerability fix version).
A warm tip.^_^
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, @NilsBaumgartner1994, I have reported a vulnerability in package @google-cloud/storage.
As far as I am aware, vulnerability CVE-2020-26289 detected in package date-and-time<0.14.2 is directly referenced by @google-cloud/storage@4.7.0, on which your package nsfw-api@1.0.58 transitively depends. As such, this vulnerability can also affect nsfw-api@1.0.58 via the following path:
nsfw-api@1.0.58 ➔ firebase-admin@8.13.0 ➔ @google-cloud/storage@4.7.0 ➔ date-and-time@0.13.1(vulnerable version)Since @google-cloud/storage has released a new patched version @google-cloud/storage@4.7.2 to resolve this issue (@google-cloud/storage@4.7.2 ➔ date-and-time@0.14.2(fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
nsfw-api@1.0.58 ➔ firebase-admin@8.13.0 ➔ @google-cloud/storage@4.7.2 ➔ date-and-time@0.14.2(vulnerability fix version).A warm tip.^_^
The text was updated successfully, but these errors were encountered: