-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security issue #3
Comments
@ashaffer Are you looking into this issue? |
@lirantal Hey, sorry, I haven't checked this project in a while. How do I get into this private discussion? |
@ashaffer The issue was publicly disclosed a short time ago. That's how I learned about it. GitHub is about to alert all of your downstream dependencies about the issue. How quickly can you turnaround a fix? We'd prefer to publish the alert with a resolution. |
Patched, pushed & published. |
🙇 Thanks! |
should we close this issue? |
Yep, closed. |
Thank you both @ashaffer and @jhutchings1 for bring it up and addressing the issue quickly. |
Use a version after security fix ashaffer/cached-path-relative#3
Hey I’m George Makulu and I’m the owner of gmright2 I was just wondering what’s this projects and how gmright2 can help this process I hope someone will be able to reply back because I really do want understand |
Hello,
As a member of the Node.js Security WG
I would like to draw your attention to a security report that has been made regarding this package.
I have made attempts to contact the person identified as a maintainer of this package but did not get any answer. What is the best way to reach someone with commit rights over this repo and hopefully npm publishing rights as well, in order to invite them to privately discuss the issue on the HackerOne platform and provide a resolution?
Thanks,
Liran
References:
The text was updated successfully, but these errors were encountered: