Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25 #3245
Comments
The possible fix for this is being tracked here: caolan/async#1828. Not on us, but I'll leave this open for the time being.
Thanks @thecrypticace
Looks like the patch for the security issue was backported and is now available in 2.6.4. So while the npm audit is still showing it as vulnerable, 2.6.4 is patched and we can probably close this issue.
Any temporary solution to this?
I don't know if it can help but I've modified temporarily package.json in my Laravel Project, in this way:
(not mine temporary solution!)
@inspiraller just run an upgrade and you will get the updated and patched 2.6.4 version
@GiorgiaBoniniEstar my understanding was that the 3.x version introduced breaking changes so folks are better sticking with the 2.x branch
@arborrow - I'm already using "webpack-dev-server": "4.8.1" - latest version
yep, the version is only an example and this is absolutely temporary, I've just changed from ">3.2.2" to ">=2.6.4" and it works like a charm
(npm list --depth=0)
(node -v): 16.14.2
(npm -v): 8.5.0

Description:
When running npm audit, warnings are given about async in the upstream webpack-dev-server and portfinder.

Steps To Reproduce:
Run npm audit.
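
Added example (not code from this thread or from the async project): a Node.js check that walks the `packages` map of a package-lock.json and reports whether each installed copy of async, hoisted or nested under webpack-dev-server or portfinder, is at or above the 2.6.4 backport mentioned in the comments. The lockfile excerpt and its versions are constructed, the function names are hypothetical, and 3.x copies are reported as not assessed because the thread only states the patched 2.x version.

```javascript
// Constructed lockfile excerpt (lockfileVersion 2/3 "packages" layout); versions are sample values.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app" },
    "node_modules/async": { version: "2.6.3" },
    "node_modules/asyncfoo": { version: "1.0.0" },
    "node_modules/portfinder/node_modules/async": { version: "2.6.4" },
    "node_modules/webpack-dev-server/node_modules/async": { version: "3.2.3" },
  },
};

// Patched release on the 2.x line, as stated in the thread.
const PATCHED_2X = [2, 6, 4];

// Parse "major.minor.patch" into numbers; returns null when the field is missing or malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before b.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Hypothetical helper: list every installed copy of async and classify it.
function findAsyncCopies(lock) {
  const results = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match only the package named exactly "async", hoisted or nested.
    if (!/(^|\/)node_modules\/async$/.test(path)) continue;
    const ver = parseVersion(meta.version);
    let status;
    if (!ver) status = "unknown-version";
    else if (ver[0] >= 3) status = "not-assessed"; // thread gives no 3.x patched version
    else status = lessThan(ver, PATCHED_2X) ? "needs-upgrade" : "patched";
    results.push({ path, version: meta.version, status });
  }
  return results;
}

for (const r of findAsyncCopies(SAMPLE_LOCK)) {
  console.log(`${r.status.padEnd(15)} async@${r.version}  ${r.path}`);
}
```

To check a real project, pass the parsed contents of its package-lock.json to `findAsyncCopies` instead of `SAMPLE_LOCK`.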