Hi, @dmfrancisco, I have reported a vulnerability issue in package google-p12-pem.
As far as I am aware, vulnerability (high severity) CVE-2020-7720 detected in package node-forge (<0.10.0) is directly referenced by google-p12-pem@1.0.4, on which your package browserslist-ga@0.0.13 transitively depends. As such, this vulnerability can also affect browserslist-ga@0.0.13 via the following path:
browserslist-ga@0.0.13 ➔ googleapis@39.2.0 ➔ google-auth-library@3.1.2 ➔ gtoken@2.3.3 ➔ google-p12-pem@1.0.4 ➔ node-forge@0.8.5 (vulnerable version)
Since google-p12-pem has released a new patched version google-p12-pem@1.0.5 to resolve this issue (google-p12-pem@1.0.5 ➔ node-forge@0.10.0 (fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your package-lock.json file (delete package-lock.json and re-execute npm install command):
browserslist-ga@0.0.13 ➔ googleapis@39.2.0 ➔ google-auth-library@3.1.2 ➔ gtoken@2.3.3 ➔ google-p12-pem@1.0.5 ➔ node-forge@0.10.0 (vulnerability fix version).
A warm tip. ^_^
Best regards,
Paimon
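One way to confirm which chain a lock file actually pins, as an added example that is not part of the original report or of any project named in it. It assumes the lockfileVersion 1 layout; the `lock` fragment is constructed to mirror the path in the issue, and `isBelow`, `resolve` and `vulnerablePaths` are hypothetical helper names.

```javascript
// Constructed lockfile fragment (lockfileVersion 1 layout) mirroring the chain in
// the issue; the range strings under `requires` are placeholders, only keys are read.
const lock = { dependencies: {
  'googleapis': { version: '39.2.0', requires: { 'google-auth-library': '*' } },
  'google-auth-library': { version: '3.1.2', requires: { 'gtoken': '*' } },
  'gtoken': { version: '2.3.3', requires: { 'google-p12-pem': '*' } },
  'google-p12-pem': { version: '1.0.4', requires: { 'node-forge': '*' } },
  'node-forge': { version: '0.8.5' },
} };

// Numeric x.y.z comparison (assumption: no pre-release tags). A plain string
// comparison would wrongly rank '0.8.5' above '0.10.0'.
function isBelow(version, fixed) {
  const a = version.split('.').map(Number), b = fixed.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Resolve a required name as Node does: innermost nested copy first, then outward.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (scopes[i][name]) return { node: scopes[i][name], scopes: scopes.slice(0, i + 1) };
  }
  return null;
}

// Depth-first walk over `requires` edges, collecting every dependency path that
// ends at a pinned copy of `target` older than `fixed`.
function vulnerablePaths(lock, directDeps, target, fixed) {
  const found = [];
  const walk = (name, scopes, trail, seen) => {
    const hit = resolve(name, scopes);
    if (!hit || seen.has(hit.node)) return; // missing entry or dependency cycle
    const here = trail.concat(`${name}@${hit.node.version}`);
    if (name === target) {
      if (isBelow(hit.node.version, fixed)) found.push(here.join(' -> '));
      return;
    }
    const inner = hit.node.dependencies ? hit.scopes.concat(hit.node.dependencies) : hit.scopes;
    const nextSeen = new Set(seen).add(hit.node);
    for (const dep of Object.keys(hit.node.requires || {})) walk(dep, inner, here, nextSeen);
  };
  for (const dep of directDeps) walk(dep, [lock.dependencies], [], new Set());
  return found;
}

console.log(vulnerablePaths(lock, ['googleapis'], 'node-forge', '0.10.0'));
```

To run it against a real project, replace `lock` with the parsed `package-lock.json` and pass the direct dependencies from `package.json`; an empty result after regenerating the lock file means no pinned copy below the fixed version remains.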