Skip to content
This repository has been archived by the owner on Jan 20, 2024. It is now read-only.

tough-cookie critical vulnerability #211

Open
jaime-az opened this issue Sep 6, 2023 · 3 comments
Open

tough-cookie critical vulnerability #211

jaime-az opened this issue Sep 6, 2023 · 3 comments

Comments

@jaime-az
Copy link

jaime-az commented Sep 6, 2023

Hi, seems like the version of the tough-cookie library used in version 4.3.3 has a critical vulnerability.

CVE-2023-26136

[tough-cookie]
Impacted version: 3.0.1
Fix version: 4.1.3
@SimeonC
Copy link

SimeonC commented Oct 10, 2023

From the dependencies there are issues opened on lower repositories that'll have to be fixed. Once popsicle-cookie-jar has updated we can just run npm update popsicle-cookie-jar and it should update (and as long as it's just a 1.0.0 -> 1.0.1 release)

└─ [email protected]
    └─ [email protected]
       └─ [email protected]
          └─  [email protected]

@kconvery
Copy link

kconvery commented Nov 23, 2023
edited
Loading

popsicle 12.1.2 is now available so could we please see if we can get this vulnerability resolved.

@SimeonC
Copy link

SimeonC commented Nov 27, 2023

@kconvery It looks like popsicle was just a patch version up. If you run npm update popsicle the issue should be fixed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SimeonC @kconvery @jaime-az