Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Critical vulnerability of peer dependency formidable #9598

Closed
FabianReitz opened this issue Apr 23, 2024 · 1 comment · Fixed by #9608
Closed

Critical vulnerability of peer dependency formidable #9598

FabianReitz opened this issue Apr 23, 2024 · 1 comment · Fixed by #9608

Comments

@FabianReitz
Copy link

FabianReitz commented Apr 23, 2024

Type of issue: (check with "[x]")

  • New feature request
  • Bug
  • Support request
  • Documentation

Current behaviour:

The @alfresco/js-api@7.7.0 uses a vulnerable version of superagent which exposes a critical vulnerability through a peer dependency:

Currently used version of superagent:

"superagent": "^8.1.2",

More information:

Expected behavior:

Use the patched version of superagent as soon as it is available

Steps to reproduce the issue:

  1. Clone this the alfresco-ng2-components repository
  2. Run npm install
  3. Run npm audit
  4. Run npm ls formidable

Component name and version:

package.json

Browser and version:

all

Node version (for build issues):

all

New feature request:

@FabianReitz
Copy link
Author

The new major version of superagent is now available:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant