Skip to content
This repository has been archived by the owner on Jul 27, 2024. It is now read-only.

Update node-forge version to 1.3.1 #397

Closed
praveendiwakar1 opened this issue Mar 31, 2022 · 0 comments · Fixed by #403 or #404
Closed

Update node-forge version to 1.3.1 #397

praveendiwakar1 opened this issue Mar 31, 2022 · 0 comments · Fixed by #403 or #404
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@praveendiwakar1
Copy link

We have identified a security vulnerability in the route that ends with @googleapis>google-auth-library>gtoken>google-p12-pem>node-forge and @google-cloud/pubsub>google-auth-library>gtoken>google-p12-pem>node-forge for node-forge version 1.0.0.

googleapis and google-cloud/pubsub is currently using node-forge version 1.0.0 (https://github.com/googleapis/google-p12-pem/blob/main/package.json#L43)

Upgrading to node-forge version 1.3.1 will help us to resolve this vulnerability.
@praveendiwakar1 praveendiwakar1 added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Mar 31, 2022
@praveendiwakar1 praveendiwakar1 mentioned this issue Apr 5, 2022
Closed
4 tasks
bcoe added a commit that referenced this issue Apr 11, 2022
@bcoe
fix(deps): force fixed version of node-forge
b85edf7 
Fixes #397
@bcoe bcoe mentioned this issue Apr 11, 2022
Merged
@bcoe bcoe closed this as completed in #403 Apr 11, 2022
bcoe added a commit that referenced this issue Apr 11, 2022
@bcoe
fix(deps): force fixed version of node-forge (#403)
f375cca 
Fixes #397
@release-please release-please bot mentioned this issue Apr 11, 2022
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
1 participant
@praveendiwakar1