This repository has been archived by the owner on Jul 28, 2023. It is now read-only.

dot-prop vulnerability alert when installing ndb #317

Open
ghost opened this issue Jul 31, 2020 · 1 comment

Comments


ghost commented Jul 31, 2020

Steps to reproduce

Tell us about your environment:

  • ndb version: 1.1.5
  • Platform / OS version: Windows 10
  • Node.js version: 12.18.3 x64

What steps will reproduce the problem?

Please include code that reproduces the issue.

  1. npm install ndb --save-dev
       found 1 high severity vulnerability
         run `npm audit fix` to fix them, or `npm audit` for details
  2. npm audit fix
       fixed 0 of 1 vulnerability in 144 scanned packages
         1 vulnerability required manual review and could not be updated
  3. npm audit
       High            Prototype Pollution
       Package         dot-prop
       Patched in      >=5.1.1
       Dependency of   ndb [dev]
       Path            ndb > update-notifier > configstore > dot-prop
       More info       https://npmjs.com/advisories/1213

What is the expected result?
Ndb would install without a problem.

What happens instead?
I got a scary-looking vulnerability alert from npm.

I wanted to know if there was a patch for the vulnerability or if it was just overlooked somehow. I would also like to know what workarounds I can use at the current time.


thinh105 commented Aug 7, 2020

Please fix that.
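What the "Prototype Pollution" finding in the audit output above means for a dot-path setter, as an added example that is not part of the original issue and is not dot-prop's code. `setUnsafe`, `setSafe` and `pollutes` are hypothetical names, and the key blocklist is one common mitigation assumed here, not taken from the package's patch.

```javascript
// Added illustration: a minimal dot-path setter, NOT dot-prop's source.
'use strict';

// Naive setter: walks "a.b.c" and creates missing objects along the way.
// It follows inherited properties, so "__proto__" resolves to Object.prototype.
function setUnsafe(obj, path, value) {
  const keys = path.split('.');
  let cur = obj;
  for (const key of keys.slice(0, -1)) {
    if (typeof cur[key] !== 'object' || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Assumed mitigation: refuse path segments that reach a prototype,
// and only descend into properties the object itself owns.
const BLOCKED = new Set(['__proto__', 'prototype', 'constructor']);

function setSafe(obj, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED.has(k))) return obj; // drop the write
  let cur = obj;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || typeof cur[key] !== 'object' || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// True if writing `path` through `setter` makes the leaf key visible on an
// unrelated empty object. Always cleans up Object.prototype afterwards.
function pollutes(setter, path) {
  const leaf = path.split('.').pop();
  try {
    setter({}, path, true);
    return ({})[leaf] === true;
  } finally {
    delete Object.prototype[leaf];
  }
}

// Constructed input: a path as it might arrive from untrusted configuration.
console.log('unsafe setter pollutes:', pollutes(setUnsafe, '__proto__.polluted'));
console.log('guarded setter pollutes:', pollutes(setSafe, '__proto__.polluted'));
```

The risk only materialises when a path string from untrusted input reaches such a setter, which is the question to answer when triaging a transitive, dev-only finding like the one reported here.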
