Security vulnerability on prebuild-install dependency. #4281

Closed
DtheRock opened this issue Jan 29, 2022 · 2 comments · Fixed by #4282

DtheRock commented Jan 29, 2022

How frequently does the bug occur?

All the time

Description

Hi,

You need to consider using a later version of prebuild-install, as the "^6.1.1" that you are currently using has a "High Severity" dependency vulnerability that comes from simple-get versions < 4.0.1.

Here is the respective CVE: CVE-2022-0355 (GHSA-wpg7-2c88-r8xv)

Stacktrace & log output

No response

Can you reproduce the bug?

Yes, always

Reproduction Steps

No response

Version

N/A

What SDK flavour are you using?

MongoDB Realm (i.e. Sync, auth, functions)

Are you using encryption?

Yes, using encryption

Platform OS and version(s)

N/A

Build environment

Which debugger for React Native: ..

Cocoapods version

N/A

@DtheRock DtheRock added the T-Bug label Jan 29, 2022
@takameyer takameyer mentioned this issue Jan 31, 2022
takameyer (Contributor) commented

@DtheRock Thanks for the report. We will get this fixed right away.


DtheRock commented Feb 1, 2022

Hi,

Thanks for your great support and the quick response. Can you push the security update to the Realm JavaScript v10.20.0-beta.1 version too?

Thanks

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 15, 2024