bynder-js-sdk node upgrade #129
Comments
|
I'm also seeing this vulnerability https://security.snyk.io/vuln/SNYK-JS-HAPIHOEK-548452 due to the outdated usage of |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, bynder-js-sdk is using an outdated version of many libraries, is it possible to bring bynder-js-sdk on the latest node?
This package has too many security issues because of the outdated libraries.
Issues with no direct upgrade or patch:
✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in [email protected]
introduced by @bynder/[email protected] > [email protected]
This issue was fixed in versions: 0.28.0, 1.6.0
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in [email protected]
introduced by @bynder/[email protected] > [email protected]
This issue was fixed in versions: 1.6.3
✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in [email protected]
introduced by @bynder/[email protected] > [email protected]
This issue was fixed in versions: 1.6.4
FYI... @elseee @erikvanbrakel
The text was updated successfully, but these errors were encountered: