firebase / superstatic

Superstatic: a static file server for fancy apps.

high severity vulnerability

cupidchan opened this issue

This has a dependency:

└─┬ superstatic@6.0.4
  └─┬ update-notifier@2.5.0
    └─┬ configstore@3.1.2
      └── dot-prop@4.2.0

and dot-prop has a high severity vulnerability: https://npmjs.com/advisories/1213

The function set does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. The remediation is to upgrade to version 5.1.1 or later.

If we upgrade update-notifier to 4.1.0, the downstream dependency should be updated with the high severity vulnerability fixed.

This should be resolved now. Thanks!
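
The behaviour the issue quotes from the advisory, shown as an added JavaScript example that is not part of the original thread and is not dot-prop's own code: a dot-path setter with no key restriction beside one that rejects prototype-reaching path segments. The names naiveSet, guardedSet, leaksToAllObjects and the marker property are hypothetical and constructed for illustration.

```javascript
// Added illustration; these helpers are hypothetical, not dot-prop's source.

// Walks a dot-separated path and assigns the value, creating objects as needed.
// No key is rejected, so the segment "__proto__" resolves to Object.prototype.
function naiveSet(obj, path, value) {
  const keys = path.split('.');
  let cur = obj;
  for (const key of keys.slice(0, -1)) {
    if (typeof cur[key] !== 'object' || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Path segments that reach a prototype instead of the object's own data.
const BLOCKED = new Set(['__proto__', 'prototype', 'constructor']);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Same walk, but the write is ignored if any segment is blocked, and only
// own properties are followed, never inherited ones.
function guardedSet(obj, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED.has(k))) return obj;
  let cur = obj;
  for (const key of keys.slice(0, -1)) {
    const child = hasOwn(cur, key) ? cur[key] : undefined;
    if (typeof child !== 'object' || child === null) cur[key] = {};
    cur = cur[key];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Calls a setter with a constructed path and reports whether an unrelated,
// freshly created object picked up the property. Always cleans up afterwards.
function leaksToAllObjects(setter) {
  const marker = 'pollutedMarker'; // constructed property name
  try {
    setter({}, '__proto__.' + marker, true);
    return ({})[marker] === true;
  } finally {
    delete Object.prototype[marker];
  }
}

console.log('naive setter leaks to all objects:', leaksToAllObjects(naiveSet));
console.log('guarded setter leaks to all objects:', leaksToAllObjects(guardedSet));
```

The same leaksToAllObjects check can be pointed at any path-based setter in a code base to confirm that it ignores prototype keys.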