Netmask vulnerability

Question

Netmask vulnerability

yinzara opened this issue 3 years ago · comments

Matthew Vance commented 3 years ago

https://www.npmjs.com/advisories/1658

This library uses the "pac-resolver" package which currently has an open PR to upgrade netmask to 2.0.1

TooTallNate/node-pac-resolver#25

Once this is closed and a new version released, this project will also need to update.

Juan Ignacio Restrepo · Answer 1 · Fri Apr 02 2021 00:35:01 GMT+0800 (China Standard Time)

@yinzara TooTallNate/node-pac-resolver#25 was merged yesterday. It seems that this project won't need the update, since pac-resolver released a new patch version. It should get picked up automatically by pac-proxy-agent.

Nathan Rajlich · Answer 2 · Fri Apr 02 2021 02:16:18 GMT+0800 (China Standard Time)

@juan-restrepo Is correct, the semver range allows for the new 4.1.1 to be picked up. Please run yarn upgrade or equivalent.