Get Critical vulnerabilities warning while installing it. #154

Open
abu-veltra opened this issue Jun 22, 2023 · 2 comments


(Thanks for reporting an issue! Please fill out the blanks below.)

What are the steps to reproduce this issue?

  1. Install it via NPM
  2. npm i --save-dev serverless-plugin-canary-deployments

What happens?

Got a critical vulnerabilities warning while installing this plugin on my local machine.

What were you expecting to happen?

Install normally.

Any logs, error output, etc?

flat  <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
No fix available
node_modules/serverless-plugin-canary-deployments/node_modules/flat
  serverless-plugin-canary-deployments  *
  Depends on vulnerable versions of flat
  node_modules/serverless-plugin-canary-deployments

Any other comments?

N/A

What versions of software are you using?

Node Version: v18.0.0
NPM Version: 8.6.0


JaroVDH commented Jul 6, 2023

I found this issue while doing my "Are these overrides still required" rounds.
It doesn't look like this package is maintained anymore, so you'll have to override this dependency yourself, i.e. add something like this to your package.json:

"overrides": {
  "serverless-plugin-canary-deployments": {
    "flat": "^5.0.2"
  }
}


khvn26 commented Apr 18, 2024

Hello there! We bumped a bunch of dependencies, including flat, in our fork and published it to npm.

You can try npm i @flagsmith/serverless-plugin-canary-deployments and tell us what you think!
