New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm reports high vulnerabilities for moment and async #86

Open

madzim opened this issue Apr 20, 2022 · 2 comments

madzim commented Apr 20, 2022

Description

NPM is reporting high vulnerabilities with the moment and async dependencies.

This module depends on moment@2.19.3 and async@~0.2.9

moment

Current: 2.19.3
Vulnerable: < 2.29.2
Patched: >= 2.29.2
Report: [GHSA-8hfj-j24r-96c4](GHSA-8hfj-j24r-96c4)

async

Current: ~0.2.9
Vulnerable: < 2.6.4 and ( >= 3.0.0, < 3.2.2 )
Patched: 2.6.4 and 3.2.2
async vulnerability report: [GHSA-fwr7-v2mv-hh25](GHSA-fwr7-v2mv-hh25)

Author

madzim commented Apr 21, 2022

PR: #87

RopoMen commented Apr 28, 2022 •

edited

After this fix, update your package https://github.com/auth0/node-samlp as well. There is now three vulnerabilities; moment, async and ejs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment