Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Announce: v2.1 published on latest fixing CVE-2022-24999 #908

Closed
tunnckoCore opened this issue Dec 1, 2022 · 0 comments
Closed

Announce: v2.1 published on latest fixing CVE-2022-24999 #908

tunnckoCore opened this issue Dec 1, 2022 · 0 comments
Labels
Area: Security Things related to security. dependencies Pull requests that update a dependency file

Comments

@tunnckoCore
Copy link
Member

tunnckoCore commented Dec 1, 2022
edited

v2.1 is published with updated dependencies, fixing the CVE-2022-24999 of qs@6.9.3.

Now dependencies are with ^, and not pinned which was the problem, thus won't have such future issues.

From mail reports.
@tunnckoCore tunnckoCore added Area: Security Things related to security. dependencies Pull requests that update a dependency file labels Dec 1, 2022
@node-formidable node-formidable locked as resolved and limited conversation to collaborators Dec 1, 2022
@tunnckoCore tunnckoCore pinned this issue Dec 30, 2022
@GrosSacASac GrosSacASac unpinned this issue Jun 16, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Area: Security Things related to security. dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tunnckoCore @GrosSacASac