Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security vulnerability caused by [email protected] #45

Closed
filipesantoss opened this issue Aug 20, 2018 · 2 comments
Closed

security vulnerability caused by [email protected] #45

filipesantoss opened this issue Aug 20, 2018 · 2 comments
Labels
non issue Issue is not a problem or requires changes

Comments

@filipesantoss
Copy link

In our project, Snyk reported [email protected] as a dependency with a known security vulnerability
The latest version of cryptiles (4.1.2) seems to have fixed this vulnerability.

More info about the (medium severity) vulnerability in [email protected] can be found at
https://snyk.io/vuln/npm:cryptiles:20180710
@WesTyler
Copy link

This library is already using "cryptiles": "4.x.x", which will pull 4.1.2.

I think the Github security alerts just don't understand the .x.x version syntax. We had similar issues with the Hoek alerts this summer.

@WesTyler WesTyler added the non issue Issue is not a problem or requires changes label Aug 20, 2018
@lock
Copy link

lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
non issue Issue is not a problem or requires changes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@WesTyler @filipesantoss