「Open source maintainer pulls the plug on npm packages colors and faker, now what? | Snyk」

Snyk issued a Denial of Service security vulnerability for colors@1.4.1, following this vulnerable code. We highly recommend you revert to colors@1.4.0, and pin your dependencies’ versions to avoid blind upgrades of the offending version. We also recommend you migrate to a different package.

Snyk issued a Denial of Service security vulnerability for colors@1.4.1, following this vulnerable code. We highly recommend you revert to colors@1.4.0, and pin your dependencies’ versions to avoid blind upgrades of the offending version. We also recommend you migrate to a different package.

snyk.io

Webページ

コンテンツ文字数:0 文字

見出し数(H2/H3タグ):0 個

閲覧数:87 件

2022-01-11 08:03:13

オリジナルページを開く

B!

タグ一覧
Open
source
maintainer
pulls
the
plug
on
npm
packages
colors
and
faker
now
what
SnykSnyk
issued
Denial
of
Service
security
vulnerability
for
1.4.1
following
this
vulnerable
code
We
highly
recommend
you
revert
to
1.4.0
pin
your
dependencies’
versions
avoid
blind
upgrades
offending
version
also
migrate
different
package
About
The
breaking
am
dependent
should
do
mitigate
Faker
js
Same
same
story
Dangers
open
governance
funding
models
Adopting
best
practices
Secure
dependencies