Comments (5)

vorburger commented on May 27, 2024

And separately a 3rd one get / parsejson https://nvd.nist.gov/vuln/detail/CVE-2017-16113

galkn/parsejson#4

from minecraft-storeys-maker.

vorburger commented on May 27, 2024

@edewit re-opening this issue, as from what I understood #101 only fixed url-parse but not parsejson?

https://github.com/vorburger/minecraft-storeys-maker/network/dependencies changed and the 1st point above but still shows (for me...) for the 2nd point above:

We found a potential security vulnerability in one of your dependencies.
A dependency defined in scratch/package-lock.json has known security vulnerabilities and should be updated.

edewit commented on May 27, 2024

@vorburger the issue doesn't state what version of parsejson it should be. e.g. parsejson doesn't have a newer version than 0.0.3

vorburger commented on May 27, 2024

@edewit from reading over galkn/parsejson#4 more closely than I did yesterday, and the gist of what they seem to be saying over there in that issue as well as on https://www.npmjs.com/advisories/528 is basically that parsejson is dead, and that the native JSON.parse() should be used instead, for both performance and security reasons. So it seems like we don't have to bump our parsejson usage version, but find out why (by what transitive dependency) we need it in the first place, and then try to bump that - or (help to?) get whatever other package is depending on it to get off it?

vorburger commented on May 27, 2024

@edewit closing this as GitHub no longer shows any vulnerabilities now - thank you!!

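Added example (not code from this thread or from the project): one way to answer the question raised above, "by what transitive dependency" parsejson is needed, by walking a package-lock.json in reverse from the flagged package up to the top-level packages. The function names and the package names in the sample lockfile are constructed for illustration; the code goes beyond the thread by handling both the lockfileVersion 1 layout and the lockfileVersion 2/3 `packages` layout.

```javascript
// Added example. Matches packages by name only; versions are ignored.
function buildGraph(lock) {
  const names = new Set();
  const dependents = new Map(); // package name -> Set of packages that require it
  const edge = (from, to) => dependents.set(to, (dependents.get(to) || new Set()).add(from));
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // the root project itself
      const i = path.lastIndexOf('node_modules/');
      const name = i < 0 ? path : path.slice(i + 'node_modules/'.length);
      names.add(name);
      for (const dep of Object.keys(meta.dependencies || {})) edge(name, dep);
    }
  } else { // lockfileVersion 1: nested "dependencies", edges listed in "requires"
    const walk = (deps) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        names.add(name);
        for (const dep of Object.keys(meta.requires || {})) edge(name, dep);
        walk(meta.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return { names, dependents };
}

// Returns every chain "top-level > ... > target" by climbing the reverse edges.
function findChains(lock, target) {
  const { names, dependents } = buildGraph(lock);
  if (!names.has(target)) return []; // target is not in the lockfile at all
  const chains = [];
  const climb = (name, chain) => {
    const parents = [...(dependents.get(name) || [])].filter((p) => !chain.includes(p));
    if (parents.length === 0) chains.push(chain.join(' > ')); // nothing above it
    for (const p of parents) climb(p, [p, ...chain]);
  };
  climb(target, [target]);
  return chains.sort();
}

// Constructed sample lockfile (hypothetical package names, not the project's real tree).
const sampleLock = {
  dependencies: {
    'example-client': { requires: { 'example-transport': '1.0.0' } },
    'example-transport': { requires: { parsejson: '0.0.3' } },
    'example-tool': { requires: { parsejson: '0.0.3' } },
    parsejson: { version: '0.0.3' },
  },
};
console.log(findChains(sampleLock, 'parsejson'));
```

To run it against a real lockfile, pass `JSON.parse(fs.readFileSync('scratch/package-lock.json', 'utf8'))` as `lock`. The first name in each chain is the package to upgrade or replace.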
