dot-prop vulnerability alert when installing ndb #317

ghost · 2020-07-31T19:25:15Z

Steps to reproduce

Tell us about your environment:

ndb version: 1.1.5
Platform / OS version: Windows 10
Node.js version: 12.18.3 x64

What steps will reproduce the problem?

Please include code that reproduces the issue.

npm install ndb --save-dev

found 1 high severity vulnerability
    run `npm audit fix` to fix them, or `npm audit` for details

npm audit fix

fixed 0 of 1 vulnerability in 144 scanned packages
    1 vulnerability required manual review and could not be updated

npm audit

  High            Prototype Pollution

  Package         dot-prop

  Patched in      >=5.1.1

  Dependency of   ndb [dev]

  Path            ndb > update-notifier > configstore > dot-prop

  More info       https://npmjs.com/advisories/1213

What is the expected result?
Ndb would install without a problem.

What happens instead?
I got a scary looking vulnerability alert by npm.

I wanted to know if there was a patch for the vulnerability or if it was just overlooked somehow. I would also like to know what the current work arounds I can use at the current time.

The text was updated successfully, but these errors were encountered:

thinh105 · 2020-08-07T06:37:18Z

Please fix that,

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dot-prop vulnerability alert when installing ndb #317

dot-prop vulnerability alert when installing ndb #317

ghost commented Jul 31, 2020

thinh105 commented Aug 7, 2020

dot-prop vulnerability alert when installing ndb #317

dot-prop vulnerability alert when installing ndb #317

Comments

ghost commented Jul 31, 2020

Steps to reproduce

thinh105 commented Aug 7, 2020