This repository has been archived by the owner on Jan 24, 2022. It is now read-only.
@openzeppelin/upgrades package dependency vulnerabilities #1514
Hi @ben-kaufman! We have been able to reproduce this issue by following these steps:
Thanks so much for reporting it! The project owner will review and triage this issue during the next week.
The vulnerabilities are in web3 or its dependencies and are not fixed in the latest version of web3 (you can check by installing web3@1.2.6). The Arbitrary File Write vulnerability should be fixed in a future version of web3.
Hi, when adding the @openzeppelin/upgrades package to my project I receive warnings on package vulnerabilities (running npm audit provides detail). They all seem to arise from the web3 version you use here. Updating the web3 package used here should solve the issue.