Consider to rewrite without prototype pollution? #771
Comments
The |
Thanks for the review.
I think you can ignore it using the Snyk CLI. See https://support.snyk.io/hc/en-us/articles/360003851317-Ignore-vulnerabilities.
Dependabot too: CVE-2020-28280
@lpinca thanks - any news?
No answer from @3rd-Eden. I sent a ping also yesterday. We could fork |
Has it been really solved? Still getting prototype pollution from Snyk reports. Or is it safe to ignore this with the Snyk CLI? @lpinca
Version: 5/6/7/8
Environment:
Expected result:
The library should be free of vulnerabilities
Actual result:
The library depends on fusing@1.0.0, which depends on predefined@0.1.2, which has a "Prototype Pollution" vulnerability
Steps to reproduce:
Check the primus vulnerability report on the websites below:
Is this a false positive vulnerability report?