Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency @koa/cors to v5 #5

Closed
flovogt opened this issue Dec 14, 2023 · 4 comments
Closed

Update dependency @koa/cors to v5 #5

flovogt opened this issue Dec 14, 2023 · 4 comments

Comments

@flovogt
Copy link

flovogt commented Dec 14, 2023

Great work! Any plans to update the dependency to latest version of @koa/cors?
@flovogt flovogt mentioned this issue Dec 14, 2023
Merged
@janpe
Copy link

janpe commented Dec 18, 2023
edited
Loading

And this vulnerability would probably be the reason: https://security.snyk.io/vuln/SNYK-JS-KOACORS-6117545

@pjammula
Copy link

pjammula commented Jan 8, 2024

Hello lwsjs/cors team,
Can you pick this issue and update dependency of @kao/cors to v5?
We are also blackduck violations due to this vulnerability.

@75lb
Copy link
Member

75lb commented Jan 8, 2024

Thanks for letting me know and sorry about the delay, I raised an objection regarding recent breaking changes in @koa/cors but for now, since it's a trivial issue (returning either * or the passed in origin have the same effect), I'm working around it.

Fixed and released in @lwsjs/cors v4.2.1. Please update or reinstall your local-web-server.

@75lb 75lb closed this as completed Jan 8, 2024
@pjammula
Copy link

pjammula commented Jan 8, 2024

Thank you for the quick turn around!
Will re-install and update here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@janpe @75lb @flovogt @pjammula