这是indexloc提供的服务,不要输入任何密码
Skip to content

Dependency url-signature using a version of crypto-js with critical vulnerability #1104

New issue
New issue
Closed
Closed
Dependency url-signature using a version of crypto-js with critical vulnerability#1104
Labels
priority: p2Moderately-important priority. Fix may not be included in next release.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.
@elrond30

Description

@elrond30
elrond30
opened on Dec 5, 2023

Hi, looks like the package.json is using url-signature 1.0.4, which use a version of crypto-js with critical vulnerability. There is an opened issue in js-url-signature with a Pull Request, to update crypto-js version and solve the vulnerability.

googlemaps/js-url-signature#446

Thanks.

Metadata

Metadata

Assignees

No one assigned

    Labels

    priority: p2Moderately-important priority. Fix may not be included in next release.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions