Update node-forge version to 1.3.1 #397

praveendiwakar1 · 2022-03-31T13:09:37Z

We have identified a security vulnerability in the route that ends with @googleapis>google-auth-library>gtoken>google-p12-pem>node-forge and @google-cloud/pubsub>google-auth-library>gtoken>google-p12-pem>node-forge for node-forge version 1.0.0.

googleapis and google-cloud/pubsub is currently using node-forge version 1.0.0 (https://github.com/googleapis/google-p12-pem/blob/main/package.json#L43)

Upgrading to node-forge version 1.3.1 will help us to resolve this vulnerability.

The text was updated successfully, but these errors were encountered:

Fixes #397

praveendiwakar1 added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Mar 31, 2022

praveendiwakar1 mentioned this issue Apr 5, 2022

Update package.json #399

Closed

4 tasks

bcoe added a commit that referenced this issue Apr 11, 2022

fix(deps): force fixed version of node-forge

b85edf7

Fixes #397

bcoe mentioned this issue Apr 11, 2022

fix(deps): force fixed version of node-forge #403

Merged

bcoe closed this as completed in #403 Apr 11, 2022

bcoe added a commit that referenced this issue Apr 11, 2022

fix(deps): force fixed version of node-forge (#403)

f375cca

Fixes #397

release-please bot mentioned this issue Apr 11, 2022

chore(main): release 3.1.4 #404

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update node-forge version to 1.3.1 #397

Update node-forge version to 1.3.1 #397

praveendiwakar1 commented Mar 31, 2022

Update node-forge version to 1.3.1 #397

Update node-forge version to 1.3.1 #397

Comments

praveendiwakar1 commented Mar 31, 2022