You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Would it be possible to create a new tag for rosnodejs and push it to NPM?
Right now 3.0.2 uses a version of async that has Prototype Pollution vulnerability CVE and it also uses a version of moment that has a Path Traversal vulnerability CVE.
Both vulnerabilities have been addressed in the develop branch. The patched version of Async is now in the package.json and moment has been removed as a package.
So the only thing left is to tag and publish the NPM Package 🤞
The text was updated successfully, but these errors were encountered:
Would it be possible to create a new tag for
rosnodejsand push it to NPM?Right now
3.0.2uses a version ofasyncthat has Prototype Pollution vulnerability CVE and it also uses a version ofmomentthat has a Path Traversal vulnerability CVE.Both vulnerabilities have been addressed in the develop branch. The patched version of
Asyncis now in thepackage.jsonandmomenthas been removed as a package.So the only thing left is to tag and publish the NPM Package 🤞
The text was updated successfully, but these errors were encountered: