Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Critical vulnerability of peer dependency formidable #9598

Closed
FabianReitz opened this issue Apr 23, 2024 · 1 comment · Fixed by #9608
Closed

Critical vulnerability of peer dependency formidable #9598

FabianReitz opened this issue Apr 23, 2024 · 1 comment · Fixed by #9608

Comments

@FabianReitz
Copy link

FabianReitz commented Apr 23, 2024
edited
Loading

Type of issue: (check with "[x]")

  • New feature request
  • Bug
  • Support request
  • Documentation

Current behaviour:

The @alfresco/js-api@7.7.0 uses a vulnerable version of superagent which exposes a critical vulnerability through a peer dependency:

Currently used version of superagent:

alfresco-ng2-components/package.json

Line 90 in 1173253

"superagent": "^8.1.2",

More information:

Expected behavior:

Use the patched version of superagent as soon as it is available

Steps to reproduce the issue:

  1. Clone this the alfresco-ng2-components repository
  2. Run npm install
  3. Run npm audit
  4. Run npm ls formidable

Component name and version:

package.json

Browser and version:

all

Node version (for build issues):

all

New feature request:
@FabianReitz
Copy link
Author

The new major version of superagent is now available:

@nikita-web-ua nikita-web-ua linked a pull request Apr 29, 2024 that will close this issue
Bump formidable and superagent in js-api and adf-cli #9608
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump formidable and superagent in js-api and adf-cli Alfresco/alfresco-ng2-components
1 participant
@FabianReitz